EDITOR’S QUESTION
IS COMPLACENCY
THE BIGGEST THREAT
TO ENTERPRISE
SECURITY?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
F
ortinet, a global leader in broad,
integrated and automated
cybersecurity solutions, has revealed
additional findings from its Global Enterprise
Security Survey.
According to the research, 63% of IT
decision makers (ITDMs) at 250 plus
employee organisations around the world
are confident in their cybersecurity posture,
despite 89% of organisations being
breached in the past two years.
In addition, 66% believe they are doing
better than their peers with regards to
cybersecurity, while only 9% believe they are
lagging behind. The research is a reminder of
the importance of employing cybersecurity
best practices and fundamentals as well
as the urgency to avoid complacency in
defending against cyberattacks.
“ITDMs continue to prioritise the
maintenance and upgrade of their
cybersecurity solutions in an attempt to
combat today’s cybersecurity adversaries,”
said Alain Penel, Regional Vice President –
Middle East at Fortinet.
“Although important, other security
best practices within their broader cyber
and technology strategy are still missed
opportunities. In particular, the urgency
34
INTELLIGENTCIO
to prioritise security hygiene, educate with
broader awareness, or implement security
approaches that leverage automation,
integration, and strategic segmentation,
is critical to defend against the highly
damaging Internet attacks possible in our
near future.”
Respondents reveal that 24% of breaches
experienced in the last two years were the
result of social engineering, ransomware and
email phishing. In 2018, 74% of businesses
are planning programmes to educate
employees in IT security, reflecting a growing
awareness that breaches are caused by
carelessness and ignorance as much as malice.
Another top concern for organisations is
protecting access to the network. 38%
of ITDMs feel confident that they have
full visibility and control of all devices
with network access. 42% of ITDMs feel
confident that they have full visibility of
the access level of all third parties who
frequently have access to networks and 48%
of ITDMs feel confident that they have full
visibility and control of all employees.
This lack of confidence in the network visibility
suggests that this is an area that should be
treated as a top concern for organisations.
Yet, basic security measures like network
segmentation are only being planned by
29% of businesses in 2018. Without network
segmentation, malware entering a network
will often be left to spread.
When asked about what they would have
done differently over their career in security,
53% of ITDMs wish they had invested more
in employee security awareness training to
prevent a security breach. Educating users
can lessen the chance that they become
victim of an intrusion attempt that targets
one of the weakest links in the cybersecurity
chain: employees themselves.
In 76% of breach incidents, in the
first instance the board blames the IT
department – either a specific individual
(31%) or the department as a whole (45%).
Employees outside the IT department get
blamed in 40% of breach incidents, even
though they’re often recognised as the
weakest link.
The IT department can no longer be the only
one responsible when it comes to a breach.
BYOD and IoT, the use of cloud-based
applications, and shadow IT, all extend
the security responsibility to the broader
organisation – and employees.
We asked three industry experts whether
complacency represented the biggest threat
to enterprise security?
www.intelligentcio.com