According to the latest Deloitte Global Technology, Media and Telecommunications (TMT) survey, 88% of respondents felt their organisation was not vulnerable to cyber attack, despite almost 60% of them having already experienced at least one security breach. (You can download the full report here.)
Employees – Insider Threat
Companies also said that employee mistakes were the top threat when it comes to Information Security. Whilst it isn’t a surprise that this is the top threat, the reluctance to face the insider threat (let’s face it, it doesn’t have to be malice aforethought) has seemed hard to shake. It is something we have discussed on this blog before.
It’s disappointing that, having acknowledged that employees are a real issue, only 48% of businesses offer Security Awareness training. This is creating vulnerability needlessly. Security Awareness should be an integrated part of business. Having said that, the tendency to push Security onto IT is part of the problem. IT can look after IT security, but information has to be safeguarded in all its forms, and that means anyone who uses it has to be responsible for its security. That means all employees have a part to play. This also explains why employees are the top threat to security.
There is a growing awareness of the potential threat from increased use of mobile devices.
The co-existence of personal and business data and applications makes mobile devices highly prized for theft and also marvellous new entry points for a cyber attack. Figures from a previous survey from Ponemon Institute showed that the majority of respondents carried sensitive data on mobile devices ‘frequently or very frequently’, yet the same survey showed that over a third of data breaches had come from lost or stolen devices and that almost 60% of employees spent no time whatsoever on data protection activities.
Given these figures, a firm grip on your organisation’s Risk Appetite and Tolerance is a must before an informed decision can be made on BYOD…