Nearly 62% of respondents cited social networking as a significant threat to information security in their organisation, while the growth of emails and other unstructured data came a close second with 59% acknowledging it as a serious risk. When it came to mobile security, the single biggest problem remains not the technology but the practices and behaviours of users, with employees' failure to follow data-retention policies (59%) and lost or stolen devices (58%) topping the list of concerns.
Other key findings of the research include:
- Bad BYOD policy? IT professionals harbour deep concerns about the impact of BYOD on security and threat management. Fewer than one in five respondents (19%) said their organisations had a comprehensive BYOD policy for users’ personal mobile devices, and more than half of those whose organisations had such a policy felt it increased security complexity significantly or moderately.
- Personal risks: 46% of respondents thought personally owned consumer devices represent a significant threat, compared with only 27% who thought the same of consumer devices issued by the business. This suggests it would be more likely that business-issued devices would be “scrubbed” more thoroughly for security vulnerabilities than personal devices.
- Attracting cloudy threats: The research investigated why IT executives felt cloud computing made their organisation more susceptible to security breaches and data loss. A shocking 60% of respondents felt that cloud computing’s growing prominence and market visibility made cloud-based applications more inviting as threat targets for cybercriminals.
- Complexities of virtualisation: 49% of respondents agreed or strongly agreed that supporting a mix of physical and virtual machines makes infrastructure security far more difficult than it had been with physical-only