Story image

IT teams and management at odds over security policies, survey finds

10 Apr 2017

New Zealand organisations are struggling to manage the multitude of issues surrounding cyber attacks - and many executives can’t even agree amongst themselves, a new study by Perceptive on behalf of Kordia has found.

According to the survey of 180 IT decision makers, medium-sized businesses are open to attacks, leaders have little confidence in data breach policies; and executives from the technical and business side cannot agree how to approach information security.

The research found that businesses are relatively well prepared to respond to attacks, there are gaps. Security is still just an IT issue rather than a company-wide discipline.

70% of respondents of organisations that have security policies are confident they can prevent a breach - however 46% CEOs and general managers disagree. 

“Cyber attackers thrive in gaps. While it’s good to see that most businesses are aware of the necessity for sound information security policies, procedures and enabling infrastructure, more needs to be done – particularly around training and policy implementation. And the ‘she’ll be right’ approach taken by medium-sized businesses is potentially leaving them wide open to attack,” says Scott Bartlett, Kordia Group CEO.

82% of respondents in organisations with more than 200 employees said there are enough tools to help them make informed security decisions - compared to 58% of those with 50-99 employees.

“Businesses with 20 to 99 employees are less well prepared as they likely don’t have the budget, the skills or the inclination to focus on information security. Instead, energies are more likely to be focused on operational issues,” Bartlett says.

70% of respondents overall said their organisation has security policies or training, but only 58% of medium-sized businesses have them.

The survey also picks up a lack of communication between chief executives/general managers and chief technology officers. Only 54% of CEOs/GMS know about the policies and training systems around online security, compared to 84% of IT staff.

Bartlett says technical staff are generally more confident because they’re involved in the design. He believe executives either don’t know enough, or they see an inadequate policy. 

He believes that disconnect is a problem, because security is everyone’s concern.

“It is encouraging that most companies do recognise the necessity for cyber security as a component of their IT and business organisation,” Bartlett notes.

“However, there is still work to be done in terms of making this a companywide issue, rather cyber security remaining in the domain of technical staff members. And both small and medium-sized businesses should realise that they are just as much in hackers’ crosshairs as their larger counterparts,” he says.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.