With the start of October come thoughts of Halloween (at least if you live in the U.S.), fall colors and a real change of season - as well as the start of National Cybersecurity Awareness Month for the U.S. Much of this month's focus will be on personal awareness and activities about how people can be safe online. But we don't spend much effort this month on organization's overall IT Security posture, especially IT Security professionals own awareness of what it takes to run a secure business or organization. This year as part our 2015 Vormetric Insider Threat Report research , we found that there are some real gaps in IT professional understanding world wide of what it takes to keep data secure.
ClickToTweet: 3 gaps in #CyberAware for IT Professionals http://bit.ly/1KX0LBb pic.twitter.com/PbSQtM1300
The first gap - An over-reliance on compliance to insure data security.
Japan respondents, and those in the U.S. Healthcare industry reported that their primary reason for protecting sensitive data were compliance requirements. Even though numbers in some other geographies or vertical segments were lower.
In this case even the global numbers where quite high ... Meeting compliance requirements at 50% was just below the top reason - Reputation and Brand protection.
And what's more, a very high percentage felt that compliance requirements were very or extremely effective at preventing threats to data - 58%.
This in spite of the fact that for a number of top tier data breaches, organizations such as Target were in compliance with regulations such as PCI DSS when the data breach occurred. Often having just passed their yearly audit.
The second gap concerns awareness of the tools that are most effective at combating threats to data. Although the numbers varied across geographies in their size, time and again, we found that tools that have performed poorly at protecting data - such as network defenses and end point/mobile defenses - were rated extremely effective as a defense and targeted for increased spending.
Time and again, data breaches have started with a failure in network security (Analyst will typically say, it isn't if your network will be breached, it's when) or in an account compromise started at an end point device. So far, although these defenses can definitely improve, they can't stop attacks on data.
Third and last - People are worried about the wrong locations. Typically those like mobile that have the lowest amounts of data stored when hackers are actively looking to compromise primary data stores. Mobile scored in the top 3 for where organizations were most worried about data, even while respondents recognized that their volumes of data were on servers, in databases or in cloud environments.
So as we think this month about Cybersecurity Awareness for the public and our employees in general, let's not forget to educate ourselves as well.