Many IT personnel don't follow the same security protocols they’re expected to enforce according to the results of a new survey of over 500 professionals working in IT security roles.
The study by Absolute Software Corporation shows that 45 percent of IT professionals admitted to knowingly circumventing their own organization's security policies. In addition 33 percent of respondents admitted to successfully hacking their own or another organization.
"Given that IT is the security gatekeeper for an organization, it was alarming to see such high incidents of non-compliant behavior by IT personnel," says Stephen Midgley, vice president, Global Marketing at Absolute. "Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring. It may also be worthwhile to consider third-party audits to ensure adherence with corporate security policies".
Security remains at the top of the IT spending list, with 87 percent of respondents expecting increased investment in security this year. Despite prioritizing security and increasing budgets, IT departments believe that employees represent the greatest security risk to an organization (46 percent). This may be related to the fact that on average, 33 percent of all security protocols are not being followed by staff. It may also explain the high incidents of security breaches, with 38 percent of respondents experiencing a data breach within the past year.
Younger professionals are also likely to show a more casual attitude to security according to the findings. Among IT professionals aged 18-44, 41 percent are likely to hack their own organization compared to just 12 percent of those in the 45+ age group. 92 percent of 18-44 year-olds say they are confident in containing a data breach, compared to 79 percent of 45+ professionals.
"Despite marked improvements, businesses are still very susceptible to attack," adds Midgley. "The gaps in current data breach response plans and in upholding general best practice policies must be addressed".
The full report is is available to download from the Absolute website.
Photo Credit: Alexander Kirch/Shutterstock