With cybersecurity threats continuing to evolve, even organizations wielding security tools and policies are at risk from a potential breach. In fact, 20 percent of security and IT leaders admit they do not have full visibility to where their data lives and moves—leaving their organizations with a data security blind spot.
According to the findings of our new Data Exposure Report, which surveyed nearly 1,700 security, business and IT leaders, 80 percent of CISOs agree that, “You cannot protect what you cannot see.”
It seems business leaders, on the other hand, are not always aware of the challenges security and IT leaders face to protect data. The overwhelming majority (82 percent) of business leaders believe IT can protect data they cannot see. This disconnect has major implications for data security, as business leaders often determine the budgets that security and IT need to do their jobs.
Data at risk
With the rise of flexible working practices and the ongoing digitization of information, the importance of data visibility and forensics across employee endpoints cannot be underestimated. In modern enterprises, with data flowing freely in and out of the organization, traditional security perimeters are no longer enough to prevent breaches.
Without the right tools, endpoint data is particularly vulnerable. In fact, 86 percent of security and IT leaders believe saving files outside of company storage—for example on an employee laptop—puts their organization at risk. This is a significant concern considering that 73 percent of security and IT leaders believe that some company data only exists on endpoints. And this is critical data: Security leaders revealed that losing endpoint-only could be business-destroying.
Keeping track of company data is not as straightforward as it may initially seem. Today, it goes beyond simply monitoring traditional sanctioned storage—even in the cloud.
While business leaders recognize that saving their data outside official storage causes unnecessary risk for their organization, they aren’t going to change their work habits. More than two-thirds (68 percent) of CEOs think there’s a risk to their company if they store data on devices such as laptops without keeping a copy in centralized storage—but they do it anyway.
Security must include recovery
Businesses need a safety net that will allow them to keep track of data stored on endpoints, regardless of employee behavior or communication breakdowns. To minimize risk to valuable IP, companies should have a security strategy that includes not only data recovery in the event of a breach, but also prevention tools to help prevent breaches from happening.
Coming up in the final post in this four-part series, we will explore why companies must shift their security strategy away from prevention-only to a prevention-and-recoverystrategy that effectively deals with an increasingly unpredictable threat landscape. To read the Code42 Data Exposure Report in its entirety, go to code42.com/2018DataExposureReport.
In case you missed them, get part one and two of Code42’s Data Exposure Report blog series.
- Is Your C-Suite Putting Your Data Security at Risk?
- Data Exposure Report: A Must-Read for Security Decision-Makers
The Code42 2018 Data Exposure Report