
Australian CIOs well aware of internal security risks and plan to do more

26 Feb 18

The battle of the breach continues to play out and at least 87% of Australian CIOs have experienced a breach in their own company.

Those are some of the statistics from Robert Half’s independent research into the state of internal IT security across Australian organisations.

The research gathered opinions from 160 CIOs and found that social engineering and information leakage are the two main struggles organisations are facing.

Out of the 87% of CIOs who said they had experienced a breach in the last three years, 48% attributed a breach to social engineering; 48% to information leakage; 41% to a deliberate cyber attack; and 35% to staff downloading malicious content.

The good news is that 96% of polled CIOs said they are implementing a range of security measures to fight internal security threats, but employee awareness is still a major issue.

Australian CIOs rate employee awareness of their firm’s security policies and potential IT security risks as 7/10, highlighting the need for improvement.

Robert Half Australia’s director Andrew Brushfield says that traditional IT security is about protecting business assets from external attacks, but risk through internal attacks is increasing.

“Businesses must take a proactive, rather than reactive, approach when addressing their internal IT security infrastructure and policies. Maintaining the integrity of internal IT security systems will be essential for the long-term viability of companies as we change the way we work through digitisation,” Brushfield explains.

“All staff – from senior to junior – in the company need to be aware of the risks associated with email, social media and confidential information. Providing regular training – that goes beyond the obligatory email – of all personnel on cyber-security policies and corporate practices will be essential if companies want to have an efficient cyber-security approach.”

41% of CIOs have made efforts to conduct an internal security audit; 39% have conducted security awareness training for employees; 36% have implemented secure backup and recovery processes; 35% have implemented remote access policies; and 34% have hired permanent or temporary IT staff to strengthen IT security.

“Companies should take on a continuous enterprise-wide approach that combines both the technological means and the talent to manage it. This means onboarding skilled IT security professionals, such as IT security analysts, information security officers and IT security engineers, to address sophisticated cyber-security threats – both internal and external,” Brushfield comments.

CIOs plan to take their security measures further, with 39% planning to implement secure backup and recovery processes; 37% planning monitoring and logging of employees’ online actions; 35% planning security awareness training for employees; 33% planning an internal IT security audit; and 30% planning to hire permanent and temporary IT staff to strengthen IT security processes.

“Not only are companies battling their own internal IT security threats, they also have to contend with a very limited pool of IT security candidates in Australia, highlighting that IT security professionals with the most sought-after skills are in a very favourable position to negotiate above-market salary increases,” Brushfield concludes.  
