Security complexity increases risk of breaches

Firms have reported it is becoming increasingly difficult to fend off complex cyber attacks making breaches harder to prevent

Firms are being attacked inside and out as hackers and internal data breaches cause problems that many responsible for IT security are struggling to deal with. 

A survey of IT professionals has shown that the complexity of security is increasing the risk from external hackers with 64% reporting growth in such attacks in the past year. Adding to the problems more than half (57%) also reported an increase in the risk of internal data breaches

“Even though organisations are concerned about securing their networks, and are deploying more products to deal with a growing range of threats, external attacks and internal incidents continue to increase,” said Tom Davison, UK technical director for Check Point, which carried out the survey.  

The survey also showed 42% of respondents citing the growing number of different products adding complexity to network protection as a major contributing factor to increased risks and 40% felt simplification would improve overall security.

“The complexity of networks, applications and security products is making it harder for IT teams to manage their security estates, which is leading to vulnerabilities not being addressed, and employees inadvertently causing breaches,” said Davison

The internal data breaches were felt to be largely due to the growing use of web and social media applications, despite large numbers of organisations employing clearly defined security policies to reduce these risks, with some going as far as locking down USB ports and restricting the use of social media.

Respondents also expressed concern over the integrity of security across their networks with 45% stating they frequently run vulnerability and threat scans on their networks and 30% running scans occasionally. 

“When the security solutions themselves are creating a risk, it’s vital that organisations rethink their approach to protecting their networks and data,” Davison concluded.  “They need to simplify and consolidate security management, and make it easier to establish security policies and practices that employees can easily follow, to curb the risk of attacks and breaches.”

Read more on Data Protection Services