Malware and ransomware dominate CIO concerns, but malicious insider threat is growing
Threats from malware and ransomware have topped a list of CIO concerns, according to a survey from Logicalis.
However, concerns over malicious insider threats have shown the greatest annual increase.
In its sixth running, the Logicalis Global CIO Survey polled some 840 CIOs across Europe (including Ireland), the Americas, the Far East and Australia, in October of 2018.
Malware and ransomware were named by more than two thirds (68%) of respondents as a top concern, followed by a lack of staff awareness and resulting mistakes (56%), data breaches (54%) and phishing (49%).
The malicious insider was named by 39% of respondents, but this has grown from 30% in the previous year, the biggest single jump.
When combined with the concern over inadvertent internal staff issues, Logicalis says, it highlights the human dimension of cyber risk as more of a focus than ever before.
The survey said that the vast majority (93%) of CIOs are now spending up to half of their time on information security, at a time when transformation and innovation are also high on the agenda.
The survey also highlights a change in attitudes on security, with more than a third agreeing that a policy of cyber resilience is required, rather than a pure defensive strategy. Furthermore, one in 10 respondents said they are currently reassessing their security footing.
“Over the last few years, there have been major developments in terms of new capabilities, services and expertise in IT,” said Ross O’Donovan, information security practice lead, Logicalis Ireland. “With this progression comes new risks and threats, so security has never been more important for organisations.”
“In particular, CIOs are focusing on internal threats as they realise that a tech-based defence is not enough, with people often the weakest link in the company defence strategy. Human error and malicious insiders pose a major threat to organisations. If companies don’t address these, it could be extremely costly for them and their customers.”
“As well as an advanced next generation firewall,” said O’Donovan, “businesses need to implement a human firewall in terms of their employees.”
O’Donovan said that while every organisation is different, a standards-based approach of focusing on people, processes and technologies will ensure are greater resilient to risk – both external and internal – through managed security solutions that offer active defence, detection and recovery.