Cyber-attacks top the list of threats to businesses' information security, with rogue employees the second biggest concern, according to IT professionals polled at Cloud Expo Asia.
The poll, conducted by BSI, investigated perceived threats to information security and the measures businesses are taking to protect themselves. It found that four in 10 professionals lack confidence in their security measures, with cyber-attacks (43%), rogue employees (23%) and malware (15%) identified as the top three threats.
Reassuringly, the overwhelming majority of respondents felt that top management was committed to information security (92%), and nearly three quarters (73%) felt that the necessary resources were allocated to managing cyber risk.
John DiMaria, Global Product Champion for Information Security and Business Continuity at BSI said: “As the profile of cyber-attacks rises, it is important that organizations not only maintain vigilance over technology measures such as malware protection but also address internal risks such as rogue employees. Failing to educate individuals on how to follow basic procedures can be just as dangerous as malicious actors working against you. Simple training programmes can significantly reduce the number of insider breaches by ensuring employees understand the importance of information security and the need for them to be vigilant, as well as confident in reporting potential threats.”
Respondents agreed that cloud computing is the number one emerging threat (81%), with just over half (55%) satisfied with the privacy and security assurances of their current cloud service providers. Interestingly, the research found that just half (51%) of IT professionals felt that the recently introduced General Data Protection Regulation encouraged the use of cloud technologies.
Whilst this reinforces the potential to improve confidence in cloud security and vendor security provisions, it’s encouraging that the research also found a growing customer requirement to demonstrate information security provisions when tendering for new business: 94% of respondents felt they were now required to do so. Of the provisions requested, ISO/IEC 27001 certification topped the list (64%), followed by a copy of the information security policy (20%) and NIST (19%).
DiMaria continued: “We have found organizations that implement an ISO/IEC 27001 Information Security Management system (ISMS) can better identify threats to their information security and put in place appropriate controls to manage and reduce risks, and this is certainly borne out by the findings of this research. It’s encouraging to see that cyber security provisions are now forming a formal part of supply chain relationships, and frameworks such as NIST, which originated out of the US, are also being recognized in Asia as an information security provision to bolster the strong foundation an ISMS provides. The implementation of internationally recognized best practice frameworks allows businesses to put themselves in the strongest possible position.”
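IT professionals surveyed at Cloud Expo Asia said that cyber-attacks are the biggest threat to business information security, with rogue employees the second biggest.
John DiMaria, Global Product Champion for Information Security and Business Continuity at BSI, said: “As cyber-attacks increase, organizations must not only remain vigilant over technical measures such as malware protection, but also address internal risks such as potential rogue employees.” Failing to train employees on how to follow basic procedures is as dangerous as facing malicious hackers. Simple training can ensure that employees understand the importance of information security, know how to stay vigilant, and are confident in identifying potential threats, greatly reducing the chance of malicious attacks spreading from within.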