In 2015, we saw more data breaches and larger data breaches than ever before with almost half of all organizations suffering at least one serious security incident / data breach in the past 12 months. IDC predicts that by 2020, more than 1.5 billion people, or a quarter of the world’s population, will be affected by data breaches. Given this state of affairs, one would assume that organizations would be wary to call themselves prepared.
The Association of Corporate Counsel (ACC) recently released its State of Cybersecurity Report giving a legal insider perspective to the current cybersecurity practices, prevention, protection and response standings at more than 800 organizations across 30 countries.
Millennials, adults now aged 18-34, are the single largest generation in the US workforce, a generation which will account for 75% of the workforce within 10 years. As the first generation of Digital Natives, Millennials have different expectations when it comes to work. One of those expectations relates to the shifting use of endpoint devices, with the mobile phone now outweighing the laptop as the preferred device for going online.
The composition of the workforce is changing. IDC predicts that the U.S. mobile worker population will account for nearly 72% of the total US workforce by 2020. The changing demographic in the workforce, combined with mobility and the rise in 24/7 working, has caused many organizations to adopt flexible work policies, with employees telecommuting all or part of the time, and increasing the use of contractors as an alternative to employees. Ardent Partners estimates that 45% of the workforce will be “contingent”—self-employed, contractors and temps—by 2017.
As one of the leading construction and civil engineering companies in the Nordic countries, MT Højgaard struggled to identify users and validate that software was properly installed and working. More importantly, devices were often left in places like cars while on-site or in transit, leaving them open to theft.
Employees are used to being connected 24/7. When a data signal is low, or a device is not connected to a data plan, most people don’t hesitate to scan for open WiFi networks, connecting to public or even unsecured private networks. Stop in any major coffee shop and you’re likely to find someone with a tablet or laptop open, working remotely, likely from a public WiFi connection. Go to any airport or hotel and you’ll see even more people using public WiFi. Remote work offers great productivity advantages, but that public WiFi is putting corporate data at risk.
In 2015, we saw more data breaches and larger data breaches than ever before. Shifts such as mobility, the cloud and even workforce composition have created an ever-expanding attack surface that continues to threaten corporate data. It’s now recognized that people are the root cause of most data breaches, as many as 90% of all breaches, either inadvertently or maliciously putting data at risk. The expansion of the attack surface through mobility, the cloud and even IoT has just increased the number of ways that “people” can put data at risk.
There is the growing realization that encryption is good, but it’s not good enough. Encryption is only a part of the picture because it, as with many data protection technologies, is not infallible. Technology alone will never give complete protection to data. Right now, as many as 90% of data security incidents can be tied back to people: to mistakes or intentional misbehaviour. Take encryption: if your employees disable it, how can it be effective? As many as 40% of executives admitted in a 2014 study to turning off laptop encryption.