I was reading a report the other day (The Evolution of Data-Centric Protection) from InformationWeek Analytics presented by Security Dark Reading (requires registration) and written by technology expert Joe Hernick. 

The report includes a survey of 384 business technology decision-makers at North American companies and the purpose of the report was to determine the role of endpoint protection in enterprise data security strategies.  The opening line of the report was great:

“Think sophisticated attackers are your biggest problem?  Our survey says clueless and malicious end users are more likely to stymie even the best-laid defensive plans.” 

I have experienced and observed similar results for years, but to finally see “technology decision-makers” acknowledge the importance of awareness and accountability of end users in public is like seeing the sunshine break though after days of dark clouds.

Based on the survey responses, the report went on to say:

“If there ever was a problem that could be solved purely by the appropriate deployment of technology, data loss prevention isn’t it.  People, policies, and products must all work together, or the exodus of information will surely continue. “

“Alerting end users to corporate policies and educating them about the importance of keeping information safe is perhaps the most crucial step in preventing data loss.  For every wizard-level black hat infiltrating a data center, there’s a pile of good intentions gone bad. User education must be accompanied by sensible, well-thought-out policies, and those policies must be applied in a way that suits the business.”

As identity theft and data breaches continue to escalate, leaders and decision-makers in both technology and non-technology positions must learn to work together to address end user awareness and accountability for data protection. 

Perhaps most importantly, organizational leaders need to see the light and realize that adding more technology is not the solution.  Organizational leaders must also realize that as more regulations and mandates are created, the criticality of awareness and accountability at the individual-level will become even more important to avoid more stringent fines and expensive consequences.