What Keeps IT Up at Night Part 1: The Human Element

Security threats—in this case, internal ones—are giving some CIOs plenty of sleepless nights.

it security

What's keeping CIOs and CTOs up at night these days? We presented this question to a variety of IT leaders. While there were a scattering of other answers, the vast majority all revolved around the same concern: security.

Whether it's educating and equipping your internal users with the knowledge and tools to protect company data, protecting against external attacks and ransomware or better controlling the flow of information in and out of your networks, security is far and away the biggest culprit for CIOs and CTOs losing sleep.

In this first of two articles, let's take a look at the human element, the challenges facing IT when it comes to educating and securing their own employees. Here are the answers we received from some of IT's brightest (and most sleep-deprived) minds:

Joshua Crumbaugh, director of penetration testing at Tangible Security, tackles the problem of human error, stating that "Approximately three quarters of all breaches are due to human error such as clicking on a phish or opening malicious files. This is generally the biggest and most difficult issue to remediate." He goes on to flag password weakness as a concern, adding that, “Weak and guessable passwords have become an almost guaranteed way to gain access to most corporate networks.”

The dangers of human error showed up several times as a major concern. Salo Fajer, CTO of Digital Guardian, said that, "Whether sending an email to the wrong cached email address or misplacing a USB stick, internal employees, third party contactors and customers/prospects are all humans at the end of the day. Human errors can and will happen within any organization, whether careless or spiteful in nature. The Online Trust Alliance found that almost one-third (29%) of data losses are caused by staff - whether done maliciously or accidentally, so looking within your organization for potential threats is imperative to get a sound sleep."

Ryan Armstrong, director of IT support of Miles Technologies turned his worried eyes towards social engineering, asking, "Do we have processes to ensure that people are who they say they are? Have we educated the users enough on the dangers that are out there?"

Interestingly, two of our respondents framed their concerns through the lens of marrying the flexibility and freedom demanded by today’s workforce with IT’s charge of maintaining security.

Beth Hendriks, CTO of SciQuest said that, "The explosion of mobile devices and cloud-based technology has introduced a whole new set of IT-related questions that keep me up at night. First and foremost is how we as a company effectively develop secure and private systems and databases that are also flexible enough to accommodate employees’ needs to access assets outside of the office so they can complete their jobs.”

And Shaun Murphy, founder of PrivateGiant, also tackled the problem of productivity and accessibility of information versus security, stating that, “Having all of your company data always available and accessible is great for productivity, not so great when a piece of malware rips through your network or a hacker gets in and transfers all of your data to somewhere in China. All data, all systems should be encrypted per user/group that need access and have strict access controls and auditing in place for computer use, file access, directory listing, etc.. All modern computers and operating systems have the structure in place to do this.”

Do these experts' internal concerns align with your own, or is something else giving you sleepless nights? Let us know in the comments below.

For more insights on the changing tech and trends shaping enterprise collaboration, download our free eBook "The Future of Business Collaboration: 2015 Edition" today.

Download the CIO October 2016 Digital Magazine
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies