Securing the Enterprise: The Changing Face of the Threat

By James Bindseil, CEO and President of Globalscape.

Security has always been a hot issue for enterprises. The amount of money being invested in the sector is regularly on the rise, especially among banking and finance companies. Just earlier this year, the CEO of JP Morgan pledged to double the global banks security spending following a data breach, alleged to have impacted 84 million users.

In a sector where so many individuals’ most sensitive details are stored, IT security is critical. Interestingly however, the onus is not necessarily just on security providers. No longer can companies expect to be able to secure their enterprise from cybercriminals just by employing the services of a security provider. It is of course wise to invest in multiple layers of security, from firewalls, to anti-virus software, but this does not protect the enterprise from the greatest threat, the employee.

As our technology has moved forward, access points have increased, and as a result, these access points are managed and controlled by staff, further enhancing the potential for human error.

In addition, cybercriminals are getting smarter. Gone are the days where cybercriminals would simply try to hack security vulnerabilities within an enterprise hoping to come across peoples details and steal them. Instead they look for gaps in the security armor, often created by internal mistakes, such as sending secure information over email, or a weak password. Just this week, it emerged that Sony had hundreds of company passwords compromised, largely due to the fact that many of them were stored in a folder, labelled ‘Passwords’.

Failing to secure internal data can have serious external consequences. Significantly, the majority of data breaches are caused internally. According to a Forrester reporton the state of data security, 25 percent of data breaches were a result of actions from a malicious insider, with employee errors the greatest cause, making up 36 percent of breaches.

Properly trained employees that understand the dangers of the internet, and securing files and data effectively are critical. The number of employee errors causing breaches is clear evidence for the need for training and leadership. The development and growth of cloud and remote technology within enterprises means that employees are increasingly required to share data outside of their network. Failing to ensure a ‘best practice’ where data and files are distributed and secured properly will not only risk theft, but could put an organisation out of compliance with the Data Protection Act.

Up until recently the paradigm among businesses has been to simply add layers to security regimes to increase protection. Layered security does to an extent secure organisations from external threats, however, it fails to factor in human error. For organisations who regularly have to distribute data externally and internally, a great first step in managing this threat is an investment in a managed file transfer system. This then must be accompanied by educating employees, providing an environment where data is secured and the risk of staff causing a breach is dramatically lessened. Ultimately, it will pay significant dividends through early prevention of internally caused threats.

Today’s cybercriminals like to look for the easy option, targeting enterprises with lax security protocols and employees with weak passwords, or those sharing data through insecure means. Ironically, employees also look for the easy option when it comes to doing their job.  They will look for the way that makes the most sense with the least amount of disruption and if a secure method does not provide it then they will move on to the insecure methods.  That is why it is imperative that any security mechanisms put in place work the way that the employees work and allows them to do their primary job.  Of course even the most stringent of security regimes cannot guarantee full protection, but they can be significantly limited by simply not making mistakes. Although organisations cannot simply remove human error from the equation, employees that are aware of the threats and understand protocols as to how they should appropriately manage restricted or private information will perform better and make fewer mistakes than those that have no or little understanding of data security.

In short: the environment has changed, and security parameters will always move, but organisations can give themselves the upper hand through a layered security approach that works in a seamless fashion accompanied by educated employees.

James L. Bindseil is the President and CEO of Globalscape and serves on its Board of Directors. Before being named President and CEO in October 2013, Bindseil was Globalscape’s Senior Vice President of Client Operations and was responsible for the company’s worldwide sales and operations. During Bindseil’s three-year tenure as Senior Vice President of Client Operations, he not only grew maintenance and support revenue by over 75%, but also increased Globalscape’s enterprise customer support contract renewal rates to 92% per year.

Prior to joining Globalscape, Bindseil held key leadership positions with companies such as Symantec and Fujitsu America where he was instrumental in shaping the strategic direction and positioning of the organizations. As Chief Technology Officer for the Global Consulting Services at Symantec, Mr. Bindseil led a team that grew annual revenue from $3.1 million to $300 million in nine-and-a-half years.