Posted by Stuart Corner on 18 March 2016
Every organisation faces a constant battle to protect its IT infrastructure from external threats, but IT security teams are just as worried about internal threats: employees doing the wrong thing, intentionally or otherwise. This is just one of the IT security trends highlighted in the annual security report produced by leading global IT vendor Cisco.
For its 2016 annual security report, Cisco asked chief security officers (CSOs) and security operations (SecOps) managers in several countries, and from organisations of various sizes, for their perceptions of their organisation’s security resources and procedures. The 2016 security report compares the results of the 2015 benchmark study with those from the 2014 benchmark study.
Security outsourcing on the rise
In the face of more sophisticated threats, the Cisco study notes that security professionals' confidence in their ability to counter cyber-attacks appears to be declining, and it finds that deepening concerns about security are changing the ways in which security professionals protect networks.
The external threats are well known: malware, denial of service attacks, phishing, advanced persistent threats, and so on. Internal employee threats, however, were almost as much of a concern to respondents. They are providing more security training, beefing up formal written policies and increasingly outsourcing tasks such as security audits, consulting and incident response.
Among the potential internal security threats, malicious software downloads were flagged as a concern by 54 per cent of respondents, and 47 per cent were worried about employee security breaches. Employees using their own devices, software or cloud apps to do business troubled 43 per cent of CSOs, and 39 per cent were concerned about a lack of employee awareness of IT security issues. These results show that concerns within companies are rising (particularly with BYOD policies) and that there is a greater need for relevant procedures to tackle them, especially for vulnerabilities in areas such as cloud security.
Employees in the dark on security incidents
Most organisations do not inform employees when there has been a security incident, and the number that do is decreasing. In 2014, 35 percent of respondents reported informing employees about security breaches. In 2015 (figures listed in the 2016 security report), only 26 percent reported doing so. Security personnel have good reason to be worried about employee threats given current IT security trends. While Australian businesses are becoming increasingly savvy in protecting company data from employee mistakes and preventing external cyber-attacks on their data, they are not always successful at preventing data breaches caused by internal employee mistakes.
According to Cisco’s Security Capabilities Benchmark Study, defending an organisation from cyber criminals requires much more than simply having the right security technology. The people factor is just as important: every organisation needs an IT security culture that embraces and informs all employees in order to avoid human error.
Here are five steps you can take to build an IT security culture:
- Start by making sure employees at every level of the organisation have a basic understanding of your security policies.
- Delegate specific security responsibilities to team leaders.
- Start putting together a step-by-step policies and procedures guide.
- Develop and implement an effective security awareness program.
- Provide continuous training for employees so they are up to date with the latest activity. A one-time presentation or a one-off activity is not sufficient to address the ever-evolving threats.
Stuart Corner is an award-winning journalist with over 30 years of experience reporting, analysing and commenting on developments in information technology and telecommunications.