14 November 2018
Cyber-attacks top the list of threats to businesses' information security, with rogue employees the second biggest concern, according to IT professionals polled at Cloud Expo Asia.
The poll, conducted by BSI, investigated perceived threats to information security and the measures businesses are taking to protect themselves. It found that four in 10 professionals lack confidence in their security measures, with cyber-attacks (43%), rogue employees (23%) and malware (15%) identified as the top three threats.
Reassuringly, the overwhelming majority of respondents felt that top management was committed to information security (92%), and nearly three quarters (73%) felt that the necessary resources were allocated to managing cyber risk.
John DiMaria, Global Product Champion for Information Security and Business Continuity at BSI said: “As the profile of cyber-attacks rises, it is important that organizations not only maintain vigilance over technology measures such as malware protection but also address internal risks such as rogue employees. Failing to educate individuals on how to follow basic procedures can be just as dangerous as malicious actors working against you. Simple training programmes can significantly reduce the number of insider breaches by ensuring employees understand the importance of information security and the need for them to be vigilant, as well as confident in reporting potential threats.”
Respondents agreed that cloud computing is the number one emerging threat (81%), with just over half (55%) satisfied with the privacy and security assurances of their current cloud service providers. Interestingly, the research found that just half (51%) of IT professionals felt that the recently introduced General Data Protection Regulation encouraged the use of cloud technologies.
Whilst this reinforces the potential to improve confidence in cloud security and vendor security provisions, it’s encouraging that the research also found a growing customer requirement to demonstrate information security provisions when tendering for new business: 94% of respondents felt they were now required to do so. Of the provisions requested, ISO/IEC 27001 certification topped the list (64%), followed by a copy of the information security policy (20%) and NIST (19%).
DiMaria continued: “We have found organizations that implement an ISO/IEC 27001 Information Security Management system (ISMS) can better identify threats to their information security and put in place appropriate controls to manage and reduce risks, and this is certainly borne out by the findings of this research. It’s encouraging to see that cyber security provisions are now forming a formal part of supply chain relationships, and frameworks such as NIST, which originated out of the US, are also being recognized in Asia as an information security provision to bolster the strong foundation an ISMS provides. The implementation of internationally recognized best practice frameworks allows businesses to put themselves in the strongest possible position.”
To learn more about ISO 27001 please visit www.bsigroup.com/infosec