Employees see IT as an “inconvenience” and look for ways to get around security measures, putting the organization at risk, according to SailPoint’s 2018 Market Pulse Survey.
IT can’t make the organization secure if the user is working in the exact opposite direction. IT puts security controls on file sharing, and users open a personal cloud storage account they control. IT locks down the ways employees can use collaboration software, and employees in a department find one of their own, bypassing IT entirely.
With such an abundance of great solutions in the cloud and on-prem today, you’d think users would be praising IT. But, as SailPoint’s report points out, users are anything but satisfied:
- 55% of users see their IT department as a source of inconvenience in their organization
- 31% say that they (or one of their colleagues) have purchased and/or deployed software without IT’s help – this is an 11% increase over the past 4 years!
- 13% of users would not tell IT immediately if they believed they were hacked, making the situation worse
- 49% of users would actually blame IT for the cyberattack – even if it’s the employee’s fault!
All of these stats add up to one very frightening conclusion: user’s attitudes towards IT are putting the organization at risk of cyberattack.
Organizations need to educate users on why security is so critical to operational success – and why security established controls need to be respected. This can only be truly accomplished by establishing a security culture within the organization. The most effective way to accomplish both goals is by using Security Awareness Training to elevate the user’s understanding of the need for security, their role in it, and tactically how to engage properly with email and the web in a way that protects the user and the organization.
You can’t necessarily stop a user from using a cloud-based solution of their choosing, but you can improve their understanding of how doing so impacts the security of the organization.