Attitudes to IT security
6 January 2014 | 0
The IT security landscape has changed dramatically in the course of the last year. New threats, new motivations and a new tools have made the world of information security a more complex place than ever before. But one aspect that does not seem to be changing at quite the same pace the attitude to IT security.
The way that organisations view exposure, risk, responsibility and response is critical and subject to a host of influences.
TechPro, in association with DataSolutions and Checkpoint, surveyed 237 Irish IT professionals in December of 2013 to see how these recent developments, as well as media coverage of security incidents, have influenced attitudes to information technology security in Ireland.
The survey began by asking respondents about their perceptions of the incidence of security incidents in the previous 12 months. Nearly a quarter (24%) said that the number of incidents increased either noticeably or substantially during that time. The majority (62%) said that the number of incidents was about the same. A relatively small 8% said that security incidents decreased either noticeably or substantially in the period, with just 6% saying that they did not know.
Half of respondents said that they had experienced a security incident during the past 12 months, such as infiltration by a virus, malware or ransomwware and data theft.“These are a well understood threats with easily identifiable symptoms, but what about all the other non-traditional threats that aren’t so easy to recognise?” asked James McLoughlin, senior security engineer, DataSolutions. “What the survey highlights is that there is a noticeable emergence of less tangible threats for example 14.3% reported data leakage by an employee; 3% cyberattack on mobile platforms; 3% theft of sensitive data by a third party and so on. There is a continued emergence of less obvious threats and the paradigm is changing and Irish organisations need to be aware of this.”
This must be balanced by 48% who said that they had not experienced any of the mentioned security incidents.
The survey asked if the increasing number of news stories on IT security breaches over the last year had impacted the way in which the security of organisations’ data and assets was viewed. More than a third (35%) of respondents indicated that they were a lot more concerned, and 44% indicated they were slightly more concerned. Less than one in five (18%) said that they were not concerned.
These results leave no doubt that media coverage has a significant impact on perceptions in organisations. It should have positive effects, with organisations examining their security measures and practices more closely to ensure that they are effective and commensurate with the risks and responsibilities for that organisation. When respondents who answered yes to the effects of media coverage were asked if this had prompted a change in behaviour, the majority (70%) said yes, but almost a quarter (24%) said no, with the balance as don’t knows.
The issue of third party assurance was raised, when the survey asked if organisations asked where data will be stored by a third party or partner and with what security policies and practices. More than half (58%) said that they did as a matter of course, with a further 27% saying that they did some of the time, and a relatively minor 3% saying that they did not.
This is a reassuring result as third party assurance is now high on the agenda for organisations after many high profile breaches having been positively identified as originating with a third party supplier or partner. However, there are still concerns in this area.