
Australian CIOs well aware of internal security risks and plan to do more

26 Feb 2018

The battle of the breach continues to play out and at least 87% of Australian CIOs have experienced a breach in their own company.

Those are some of the statistics from Robert Half’s independent research into the state of internal IT security across Australian organisations.

The research surveyed 160 CIOs and found that social engineering and information leakage are the two main struggles organisations are facing.

Out of the 87% of CIOs who said they had experienced a breach in the last three years, 48% attributed a breach to social engineering; 48% to information leakage; 41% to a deliberate cyber attack; and 35% to staff downloading malicious content.

The good news is that 96% of polled CIOs said they are implementing a range of security measures to fight internal security threats, but employee awareness is still a major issue.

Australian CIOs rate employee awareness of their firm’s security policies and potential IT security risks as 7/10, highlighting the need for improvement.

Robert Half Australia’s director Andrew Brushfield says that traditional IT security is about protecting business assets from external attacks, but risk through internal attacks is increasing.

“Businesses must take a proactive, rather than reactive, approach when addressing their internal IT security infrastructure and policies. Maintaining the integrity of internal IT security systems will be essential for the long-term viability of companies as we change the way we work through digitisation,” Brushfield explains.

“All staff – from senior to junior – in the company need to be aware of the risks associated with email, social media and confidential information. Providing regular training – that goes beyond the obligatory email – of all personnel on cyber-security policies and corporate practices will be essential if companies want to have an efficient cyber-security approach.”

41% of CIOs have made efforts to conduct an internal security audit; 39% have conducted security awareness training for employees; 36% have implemented secure backup and recovery processes; 35% have implemented remote access policies; and 34% have hired permanent or temporary IT staff to strengthen IT security.

“Companies should take on a continuous enterprise-wide approach that combines both the technological means and the talent to manage it. This means onboarding skilled IT security professionals, such as IT security analysts, information security officers and IT security engineers, to address sophisticated cyber-security threats – both internal and external,” Brushfield comments.

CIOs plan to take their security measures further, with 39% planning to implement secure backup and recovery processes; 37% planning monitoring and logging of employees’ online actions; 35% planning security awareness training for employees; 33% planning an internal IT security audit; and 30% planning to hire permanent and temporary IT staff to strengthen IT security processes.

“Not only are companies battling their own internal IT security threats, they also have to contend with a very limited pool of IT security candidates in Australia, highlighting that IT security professionals with the most sought-after skills are in a very favourable position to negotiate above-market salary increases,” Brushfield concludes.  
