YOU are the weakest link
1 April 2005
When it comes to maintaining IT security, the human factor is the most vulnerable point of an organisation’s defences, according to the findings of an exclusive survey of Irish IT managers conducted by ComputerScope.
The survey, which attracted more than 500 responses from ComputerScope’s reader base of IT decision makers, sought their opinions on a variety of security-related topics and their preferred methods of meeting the threats.
A key finding was that although the overwhelming majority of respondents had some degree of confidence in their company’s enterprise security system, only 8 per cent would go so far as to say that they were ‘extremely confident’ in it. Hands-on control is also highly valued, as 53 per cent of respondents described their security system as being ‘controlled internally’ whereas only 4 per cent said that it was fully outsourced to a third-party service provider.
However, most respondents put the behaviour of both employees and management at or near the top of their lists of concerns regarding the nature of threats facing their organisations, the challenges facing IT departments and the potential remedies that could reduce the probability of a security breach.
For example, when asked what were the most important security challenges facing their organisation in the next 12 months, the most common response was ‘employees underestimating the importance of following security policy’, with nearly three quarters (73 per cent) of respondents selecting this as a concern and nearly half (46 per cent) expressing the same reservations about business executives.
An overwhelming majority (87 per cent) said that the most important security threats they faced were ‘Trojans, viruses, worms and other malicious code’. However, the next most widely perceived threat was ‘unintentional employee error’, which was a concern of 45 per cent of respondents.
As for remedies, the most popular corrective action is to train employees more effectively. More than half of all respondents said that they would spend any extra budget they might receive on providing additional training to employees. The next most popular item on the wish list for a bigger budget was ‘hiring a third party to audit security risks and vulnerabilities’, which was chosen in 41 per cent of replies. Following closely behind was hiring more ‘IT staff dedicated to enterprise security’, which was the choice of 38 per cent.
The most popular suppliers of security products were Symantec, Cisco, Network Associates/McAfee, Check Point and Microsoft.
The survey results mirror quite closely the results of a similar survey carried out in the US last summer. There, a poll of 600 IT professionals found that the most important security challenge over the next year would be employees underestimating the importance of following security policy and that the most important threat was also malicious code. The most popular remedies among American IT professionals were also providing additional training to employees and increasing dedicated IT security staff.