Australian CIOs well aware of internal security risks and plan to do more
The battle of the breach continues to play out and at least 87% of Australian CIOs have experienced a breach in their own company.
Those are some of the statistics from Robert Half's independent research into the state of internal IT security across Australian organisations.
The research gained opinions from 160 CIOs and found that social engineering and information leakage are the two main struggles organisations are facing.
Out of the 87% of CIOs who said they had experienced a breach in the last three years, 48% attributed a breach to social engineering; 48% to information leakage; 41% to a deliberate cyber attack; and 35% to staff downloading malicious content.
The good news is that 96% of polled CIOs said they are implementing a range of security measures to fight internal security threats, but employee awareness is still a major issue.
Australian CIOs rate employee awareness of their firm's security policies and potential IT security risks as 7/10, highlighting the need for improvement.
Robert Half Australia's director Andrew Brushfield says that traditional IT security is about protecting business assets from external attacks, but risk through internal attacks is increasing.
“Businesses must take a proactive, rather than reactive, approach when addressing their internal IT security infrastructure and policies. Maintaining the integrity of internal IT security systems will be essential for the long-term viability of companies as we change the way we work through digitisation,” Brushfield explains.
“All staff – from senior to junior – in the company need to be aware of the risks associated with email, social media and confidential information. Providing regular training – that goes beyond the obligatory email – of all personnel on cyber-security policies and corporate practices will be essential if companies want to have an efficient cyber-security approach.”
41% of CIOs have made efforts to conduct an internal security audit; 39% have conducted security awareness training for employees; 36% have implemented secure backup and recovery processes; 35% have implemented remote access policies; and 34% have hired permanent or temporary IT staff to strengthen IT security.
“Companies should take on a continuous enterprise-wide approach that combines both the technological means and the talent to manage it. This means onboarding skilled IT security professionals, such as IT security analysts, information security officers and IT security engineers, to address sophisticated cyber-security threats – both internal and external,” Brushfield comments.
CIOs plan to take their security measures further, with 39% planning to implement secure backup and recovery processes; 37% planning monitoring and logging of employees' online actions; 35% planning security awareness training for employees; 33% planning an internal IT security audit; and 30% planning to hire permanent and temporary IT staff to strengthen IT security processes.
“Not only are companies battling their own internal IT security threats, they also have to contend with a very limited pool of IT security candidates in Australia, highlighting that IT security professionals with the most sought-after skills are in a very favourable position to negotiate above-market salary increases,” Brushfield concludes.