Employees ignore security rules, say infosec pros

Most information security professionals believe corporate employees wilfully ignore security rules, survey at RSA Conference 2013 reveals

Most information security professionals believe that corporate employees deliberately ignore security rules, a survey at RSA Conference 2013 has revealed.

This is the view of 80% of nearly 250 IT security professionals polled by identity and security management firm Lieberman Software.

More than half of those said they do not believe end-users would listen more, even if these mandates were issued by executive management.

“These figures highlight the fact that most end-users are still not taking IT security seriously and are unnecessarily putting corporate data – and potentially customer information – at risk, said Philip Lieberman, CEO of Lieberman Software.

He said these behaviours are continuing even after it has been proven that human error is the leading cause of data breaches.

Read more on privileged access:

  • Privilege access management: User account provisioning best practices
  • Privileged accounts are hacker sweet spot
  • Privileged account policy: Securely managing privileged accounts
  • Privileged user access management: How to avoid access creep
  • Security Think Tank: Least privilege is key to blocking IP theft
  • Exchange Server administration policy: Managing privileged user access

“Organisations need to implement better cyber security training that properly instructs staff about the consequences of data breaches,” said Lieberman.

He believes that IT groups must also look beyond conventional security products and invest in technology like privileged identity management to ensure that powerful privileged accounts are available only to authorised IT personnel with limited-time, audited access.

“This ensures that end-users are not able to accidentally or maliciously change configuration settings, access systems with sensitive data or perform other actions that are not required of their jobs,” he said.

Read more on Security policy and user awareness

Data Center
Data Management