Most Canadian IT professionals report some security solutions “outdated and inadequate”: study

Most IT professionals in Canada (73%) feel strongly that some of their security solutions are outdated and inadequate, according to the Canadian results of a global study released last week.

The Need for a New IT Security Architecture: Global Study on the Risk of Outdated Technologies was released on Feb. 7. Conducted by the Ponemon Institute and sponsored by technology company Citrix, the report examined global trends in IT security risks and reasons why security practices and policies need to evolve in order to handle threats from disruptive technologies, cybercrime and compliance mandates. The research featured insights from 4,268 IT and IT security practitioners in Australia/New Zealand, Brazil, Canada, China, Germany, France, India, Japan, Korea, Mexico, Netherlands, United Arab Emirates, United Kingdom and the United States.

According to the results, Canada was among the top four countries (including the U.S., U.A.E. and the U.K.) to agree that their organizations’ existing security solutions are outdated and inadequate, said a statement from Citrix. Seventy-one per cent of the polled 265 Canadian IT and IT security practitioners said their organization needs a new IT security framework to improve its security posture and reduce risk; 52% of Canadian respondents stated that their organization will increase budget for IT security in 2017 – equivalent to the global average; and more than any other country, Canadian IT practitioners think that machine learning is the most important technology to reduce security risk over the next two years (85%).

The study found that while Canadian IT and IT security practitioners are concerned about their organization’s ability to control employee devices and data, they conversely appear to disregard the importance of enforcing employee compliance with security policies. Canada and Korea (40% respectively) are the least confident that their organization has the right policies and procedures in place to protect data and their infrastructure, the statement said. Yet, Canada is the country least concerned (51%) about the inability to enforce employees’ compliance with policies.

Other findings related to Canadian employee behaviour include:

• 67% of Canadian respondents (compared to the global average of 63%) perceive employee use of personally-owned mobile devices in the workplace (“bring your own device (BYOD)) as a disruptive technology and risk to IT security infrastructure;
• Canada is among the top two countries most concerned about the inability to control employees’ devices and apps (81% for Canada, 82% for Mexico);
• 90% of Canadian respondents believe that employees’ use of social media in the workplace has a negative impact on security – 15% higher than the global average;
• At 12%, Canada had the most respondents state that they were unsure whether their company has a mobile strategy for BYOD;
• 89% of Canadian respondents said that the inability to hire and retain expert staff is a factor that decreases their organization’s overall security and increases risk;
• More than any other country, Canadian respondents (86%) said that an improvement in staffing would most improve their organization’s overall security posture and reduce risk. Globally on average, only 72% agreed; and
• Canadian IT practitioners (74%) are only second to Japan (79%) in their concern that having more Millennials in the workplace poses a significant risk to security.

From a global perspective, less than half (48%) of respondents to the study said that their organization has security policies in place to ensure employees and third parties only have the appropriate access to sensitive business information, the statement said. Similar to the Canadian results (73%), nearly 70% of global respondents said that some of their existing security solutions are outdated and inadequate.

The top security concerns confirmed in the global study included:

• 70% said their organization had made investments in IT security technology that was not successfully deployed (e.g. shelfware);
• 65% of respondents said their organization is not able to reduce the inherent risk of unapproved applications – increasing risk, including from shadow IT (systems and solutions built and used inside organizations without explicit organizational approval);
• 64% said their organization has no way to effectively reduce the inherent risk of unmanaged data (e.g. downloaded onto USB drives, shared with third parties, or files with no expiration date); and
• Only 40% said their organization is successfully hiring knowledgeable and experienced security practitioners.

“Today’s constantly evolving cybersecurity threat landscape requires a new, more flexible IT security framework – one that extends beyond traditional fixed end-point security approaches to deliver threat detection and protection of apps and data at all stages,” concluded Tim Minahan, chief marketing officer with Citrix.