Australian CISOs say cloud compliance is one of the most stressful parts of the job

04 Jul 2017

The task of making sure cloud applications follow compliance policies is one of the most stressful areas of a chief information security officer's (CISO's) job, and CISOs also believe their CEOs are undermining internet security protocols.

Those are the sentiments from Symantec's latest research, which suggests that there are gaping holes in both organisations' security and the people involved in implementing it.

74% of Australian CISOs believe that their CEO has broken internal security protocols, whether intentionally or unintentionally.

86% say that making sure cloud applications are in line with compliance protocols is the most stressful part of their jobs, but that isn't all they are concerned about.

Hijacking threats top-of-mind for Australian CISOs

32% of CISOs believe account hijacking may become a top threat this year; followed by data breaches (30%); exploited system vulnerabilities (19%); hacked APIs (12%); and broken authentication and compromised credentials (7%).

When looking specifically at cloud security, data loss; staff non-compliance; training; and insecure business applications topped the list of the biggest threats this year. 91% believe that regular data backups cannot work on their own to stop attacks and malware.

29% of cloud applications used at a CISO's company count as shadow apps, which are easy targets for cybercriminals, the survey revealed.

CISOs also tip open source software as a major concern this year, with 99% stating it will be bigger than last year.

Industry compliance issues may be going in the wrong direction

CISOs reported worries about a number of different industry compliance issues today, including:

  • tracking of activities in sanctioned cloud applications (21 per cent);
  • country and region-specific data residency and control regulations (17 per cent);
  • broad sharing of compliance-controlled data in cloud applications (25 per cent);
  • governance of corporate-owned mobile devices (15 per cent); and
  • employee use of unsanctioned cloud applications (22 per cent).

So what are CISOs doing about it?

According to the survey, CISOs are looking for three key factors to support their security and policies for both data compliance and residency.

89% say they are looking for tokenisation as the best way to meet data residency and control; but only 61% currently use it. 88% use cloud encryption and only 51% use both.

General focus areas: More training, bigger budget, better protection

95% of Australian CISOs plan for more spending on staff training. New employees may average 20 hours of security training during the onboarding process, one of the longest training times out of all countries surveyed in the research.
