A new report shows there is a strong consensus among security professionals and experts that “perimeter defense is no longer a sufficient information security strategy.”
Nearly three-quarters (73%) of respondents said their cybersecurity needs had changed in the past 12 months and 69% said they expected them to change again in the next year. As a result, 27% of respondents said they formally reassessed their cybersecurity needs quarterly, and a further 31% did so annually.
The report, released by Ari Kaplan Advisors, found that information security officers and data custodians would need to share responsibility for “knowing where different pieces of sensitive information were kept and ensuring that they were stored securely.” This required partnering with “eDiscovery, in-house counsel, records management, and information governance.”
Such collaboration was a daily event for 23% of survey participants, and at least monthly for 54%.
The increasing use of mobile and personal devices to access corporate systems have “expanded the perimeter beyond what any corporate can control, introducing threats that you cannot fully monitor,” one respondent explained. But while 96% of respondents said their companies allowed remote access to systems, only 69% had formal “bring your own device” policies; the remainder allowing such activity to go unmanaged.
Respondents also reported needing to balance these new security challenges with business needs to “enhance productivity, promote workplace flexibility, and improve the customer experience.”
“This report confirms and clarifies what we’ve been hearing in the marketplace, that information security is undergoing a profound change and entering a new phase,” said Dr. Jim Kent, Nuix’s Global Head of Investigations and Cybersecurity. “We’ll be very interested to see how this transformation works its way through the business community as we repeat this benchmarking survey next year and into the future.”
