Friday, 21 December 2012
IT risk's for Irish companies exposed!
David Keating, security sales manager, DataSolutions
Data Solutions, Ireland's leading value-add
IT distributor, today announced results of a survey which found that 80%
of Irish organisations consider the actions of careless employees to be
the greatest risk to IT security compared to the 15% who are more
concerned about external hackers.
The research was carried out in November 2012 by Media Team, and was
commissioned by DataSolutions. A total of 278 IT professionals in
companies around Ireland were surveyed.
More than 42% of respondents said their employees would divulge their
password to an unauthorised person even though 89% also believe
employees know the importance of their password in terms of the
company's IT security.
Moreover, 11% of respondents said employees are not required to report
to the company, any lost personal mobile device, such as a smart phone
or tablet, which had access to the corporate network and data.
62% of those surveyed also said their organisation allows employees
access to social media sites such as Facebook and YouTube with 23% of
those enabling access without any restrictions or usage policies. A
total of 22% were aware of IT security breaches within their
organisation caused by employees accessing external online sites or
downloading material from external sites.
Of those that had experienced a breach due to employees accessing
external online sites 36% said it was through Gmail, 40% Facebook, 34%
Dropbox, 20% YouTube, 34% LinkedIn, 41% Hotmail, with retail sites
resulting in the highest number of breaches at 43%. Despite these
figures, 22% of those surveyed do not have systems in place to monitor
employee online behaviour and information access.
When it comes to cybercrime, the majority of respondents (63%) agree
that education of employees is more important than security technology
products. Surprisingly, given this, 33% do not carry out any training
for employees on IT security awareness.
According to David Keating, security sales manager, DataSolutions, "The
fact that so many IT managers are concerned about the potential actions
of employees shows a great need for education and change in culture
"IT security attacks are becoming more sophisticated and are emanating
from a growing number of sources, with mobile devices, social networking
and cloud computing continuing to gain traction.
"While the biggest concerns with security are typically related to
critical infrastructure, monetary systems, intellectual property and
private records, attackers can and do go after virtually any type of
information. Employees often unwittingly create security problems within
today's increasingly diverse IT work environment.
"The findings of this survey indicate a lack of real understanding or
sense of responsibility among employees for IT security within the
organisation. Many may view it as the sole activity of the IT
department. However, for IT security to be fully effective, a holistic
approach is needed, integrating both the latest security technologies
with buy-in from employees to take personal responsibility for the role
they play and the consequences of their online actions," said David
"Creating a security awareness culture within the organisation, which
focuses on keeping employees educated on all the latest IT security
threats and also ensures the right technology solutions are in place to
deal with any potential threats, is the only way to fully safeguard the
integrity of any organisations network."
David Keating continued, "The results of these findings will form some
of the main discussions at the Secure Computing Forum which we are
running on the 7th March 2013. Global speakers will provide advice to
Irish organisations on how to build an effective security awareness
culture. They will also address the latest security threats and the
technologies that need to be in place to protect the organisation now
and in the future."