In the movies, the good guys always get the bad guys. In cyber reality, no such thing exists.
A survey of 5,000 IT security professionals turns up the following:
- 63% doubt they can stop data breaches.
- 69% think threats slip through the cracks of their security systems.
- 57% believe their company lacks protection from advanced attacks.
- 80% think their company’s leaders fail to connect the dots between a data breach and potential profit loss.
A survey of customers shows:
- 59% are quite concerned about credit and debit card information theft.
- 57% are very concerned about ID theft.
- About 60% believe that a data breach involving their credit card or personal details would make them less likely to conduct business at a store or bank they usually use.
That last point leads to reputation smearing and loss of customer trust. But what about customer responsibility when it comes to security breaches? The “blame the customer” mentality seems more appropriate in the workplace when employees bring to work their own devices to assist in their jobs. This lets the data-breach cat out of the bag.
Though a significant percentage of employees have admitted (in surveys) to having a security problem with their device, a remarkably small percentage of these users felt compelled to report this to their boss. A very statistically significant number of employees who bring their devices to work haven’t even signed a formal contract that outlines security procedures. The bottom line is that taking security seriously is a rare find among employees who do the BYOD thing.
Another survey turned up an unsettling result: 76% of the 700+ consumers (who were affected by a breach) who were surveyed experienced stress from the event—but more than half didn’t even take steps to prevent ID theft afterwards.
Maybe this complacency can be in part explained by the fact that the losses from breaches are mostly absorbed by the companies involved.
The consumer, customer and employee need to step up to the plate and do their fair share of taking security measures seriously, rather than sitting back and letting businesses and banks take the entire burden.
It’s like getting attacked by a shark. Is the shark entirely to blame if the swimmer jumped into water near a sign that says “Beware of Sharks”? Then again, someone has to take the responsibility of putting the sign there in the first place…
All entities must pull together, stop finger pointing and accusing, and try to get a step ahead of the real villains.