1. Business Ideas
  2. Business Plans
  3. Startup Basics
  4. Startup Funding
  5. Franchising
  6. Success Stories
  7. Entrepreneurs
  1. Sales & Marketing
  2. Finances
  3. Your Team
  4. Technology
  5. Social Media
  6. Security
  1. Get the Job
  2. Get Ahead
  3. Office Life
  4. Work-Life Balance
  5. Home Office
  1. Leadership
  2. Women in Business
  3. Managing
  4. Strategy
  5. Personal Growth
  1. HR Solutions
  2. Financial Solutions
  3. Marketing Solutions
  4. Security Solutions
  5. Retail Solutions
  6. SMB Solutions
Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Businesses in Denial When it Comes to IT Security Breaches

security-breach-11090702 Credit: Dreamstime.com

The majority of businesses appear to be all talk and little action when it comes to combating security breaches, according to a new survey.

Findings from a Tenable Network Security study show that more than 90 percent of IT security professionals surveyed discussed large-scale, high-profile breaches such as those at RSA, Citigroup and Sony with senior management — but only 23 percent did anything beyond that.

"It would be impossible and impractical to make changes, updates or company-wide announcements for every data breach reported,” Ron Gula, CEO and chief technology officer at Tenable Network Security, said in a prepared release. “But with record-breaking exposures like what we’ve seen this year, there’s an opportunity for us to learn and to educate employees about the implications of a security breach and reinforce existing policies and information security practices."

It’s not just outside security breaches that businesses are potentially facing. Nearly half of those surveyed reported experiencing some form of an internal threat while at their current company, and they’re not alone.

According to a recent Verizon Business Data Breach Investigations Reports, insider threats are one of the leading sources of data leakage and theft for businesses. Findings indicate that nearly one in three breaches over the past two years came as a result of an insider attack, and, in 2010, 93 percent of insider breaches were considered deliberate or malicious attacks.

Yet despite the large number of internal issues, those surveyed ranked preventing insider threats as the second-lowest information security priority for the next six to eight months, with mobile device security being the top priority.

IT security professionals themselves also are to blame for the security breaches, according to the study. One in three security professionals admitted they had violated internal security policies they created in order to complete a work-related task more quickly or easily.

“The productivity versus security battle continues to create problems for enterprises,” Gula said. “Employees, including privileged security professionals, are going to do whatever it takes to get the job done, regardless of policies or security risks.”

The survey of IT security professionals from several industries – including financial services, government, retail and health care – was conducted at the 2011 Gartner Security and Risk Management Summit.


Chad Brooks

Chad Brooks is a Chicago-based freelance writer who has nearly 15 years experience in the media business. A graduate of Indiana University, he spent nearly a decade as a staff reporter for the Daily Herald in suburban Chicago, covering a wide array of topics including, local and state government, crime, the legal system and education. Following his years at the newspaper Chad worked in public relations, helping promote small businesses throughout the U.S. Follow him on Twitter.