When teams don’t talk, hackers win

7/17/2014

Full article: http://cdblog.centraldesktop.com/2014/07/teams-dont-talk-hackers-win/

A new set of surveys by Webroot, conducted by Harris Interactive, found a serious disconnect between employees and IT departments when it comes to Bring Your Own Device (BYOD) security. That disconnect comes down to a lack of communication between mobile device users and the IT staff charged with enforcing policies. Users are uncomfortable adding mandatory security controls because they worry their privacy will be invaded. IT, meanwhile, is not only doing a poor job of requiring that security applications be installed, it is also doing little to prevent unsecured devices from accessing the network. As a result, BYOD security is weakened, putting company data at risk.

BYOD isn’t the only area where there is a security disconnect. It happens across all platforms and technologies. IT departments don’t communicate with the rest of the employee base regarding security concerns. If the company has an actual security team, it may run as a separate operation from IT, which creates another opportunity for a communication breakdown. When IT staff aren’t collaborating with one another, with security or with employees, hackers can take advantage of the miscommunication and attack.

The primary reason for this communication breakdown is simple, says Clayton Knorr, senior security analyst and consultant at Nuspire Networks, a managed network security service provider. “People in business often see security as something that will delay projects and limit their options. This can be the case even in the best of circumstances, and will be much worse if the security team has a reputation for stonewalling ideas and slowing down projects. Other departments will try to avoid interacting with the security team altogether if they can.”

Knorr adds that there is an additional element causing tension between IT and security staff: IT departments may be reluctant to reveal security issues to security staff. “Reasons for this may be they know the solution to the problem will be challenging to implement, and could create pain for the users, or disrupt day-to-day operations. They may also fear that revealing the issues will bring up questions about why the solution was so poorly designed in the first place and who is responsible.”