Anonymous. LulzSec. Stuxnet. A Digital Pearl Harbour. Cyber attacks are bigger than the global drugs trade.
Recent high-profile data breaches might well suggest that some corporate networks have all the security of a sieve, but is a lot of the rhetoric and war-room talk that accompanies so much of the discussion of cyber security really necessary?
There’s only so much hype people can take before they switch off or start making assumptions about the true value of the message. And it’s only fair to say that a lot of the fear and negativity that’s associated with digital and network security could be having the opposite effect on end users. In the face of the seeming inevitability of an attack, it seems that many end users are adopting a resigned approach that borders on carelessness or worse: passing the buck and assuming someone else will look after it.
Clearswift’s recent WorkLifeWeb research found that 31% of employees surveyed said they believed information security to be entirely the responsibility of their company. 21% of those employees admitted to not thinking about security at all when using the web or email at work, with 19% saying they’d work around any company blocking policy. Hardly surprising, then, that 50% of managers believe employees are oblivious to security concerns.
It’s that last figure that’s so interesting to me, because it raises some pretty obvious questions: If your employees are oblivious to security concerns, whose fault is that? Similarly, why is it that, with more managers expressing concern about data loss via employees than via external hacking, other Clearswift research has found that 38% of employees had received no training at all on security issues in their current job?
As Andrew Wyatt put it in a recent blog post here, technology on its own is a skimpy fig leaf. Modern information security is about a lot more than just inbound threat detection. It’s about the value and benefits beyond it. Being able to implement flexible policies that work with, rather than against, employees; simplifying solutions and reducing administrative burdens so IT staff can dedicate more time and effort to proactive vigilance; educating your workforce and creating a visible, flexible policy that they are not only aware of but understand the need for...
These are just some of the more positive steps that companies can take towards securing their information assets. Hype might help to sell products. It might even help to push security higher up the business agenda in some firms, but unless we start to see a trickle down to all levels of the business, it’s a waste of breath. Worse still, with 87% of businesses we surveyed saying security fear was the biggest single inhibitor of the adoption of the kinds of technologies that 57% of them described as critical to their future success, it’s worth remembering that some cures are worse than the disease.
By Nick Peart