Australian CIOs well aware of internal security risks and plan to do more

26 Feb 2018

The battle of the breach continues to play out and at least 87% of Australian CIOs have experienced a breach in their own company.

Those are some of the statistics from Robert Half’s independent research into the state of internal IT security across Australian organisations.

The research gained opinions from 160 CIOs and found that social engineering and information leakage are the two main struggles organisations are facing.

Out of the 87% of CIOs who said they had experienced a breach in the last three years, 48% attributed a breach to social engineering; 48% to information leakage; 41% to a deliberate cyber attack; and 35% to staff downloading malicious content.

The good news is that 96% of polled CIOs said they are implementing a range of security measures to fight internal security threats, but employee awareness is still a major issue.

Australian CIOs rate employee awareness of their firm’s security policies and potential IT security risks as 7/10, highlighting the need for improvement.

Robert Half Australia’s director Andrew Brushfield says that traditional IT security is about protecting business assets from external attacks, but risk through internal attacks is increasing.

“Businesses must take a proactive, rather than reactive, approach when addressing their internal IT security infrastructure and policies. Maintaining the integrity of internal IT security systems will be essential for the long-term viability of companies as we change the way we work through digitisation,” Brushfield explains.

“All staff – from senior to junior – in the company need to be aware of the risks associated with email, social media and confidential information. Providing regular training – that goes beyond the obligatory email – of all personnel on cyber-security policies and corporate practices will be essential if companies want to have an efficient cyber-security approach.”

41% of CIOs have made efforts to conduct an internal security audit; 39% have conducted security awareness training for employees; 36% have implemented secure backup and recovery processes; 35% have implemented remote access policies; and 34% have hired permanent or temporary IT staff to strengthen IT security.

"Companies should take on a continuous enterprise-wide approach that combines both the technological means and the talent to manage it. This means onboarding skilled IT security professionals, such as IT security analysts, information security officers and IT security engineers, to address sophisticated cyber-security threats – both internal and external,” Brushfield comments.

CIOs plan to take their security measures further, with 39% planning to implement secure backup and recovery processes; 37% planning monitoring and logging of employees’ online actions; 35% planning security awareness training for employees; 33% planning an internal IT security audit; and 30% planning to hire permanent and temporary IT staff to strengthen IT security processes.

“Not only are companies battling their own internal IT security threats, they also have to contend with a very limited pool of IT security candidates in Australia, highlighting that IT security professionals with the most sought-after skills are in a very favourable position to negotiate above-market salary increases,” Brushfield concludes.  
