Friday, 24 April 2015

Survey finds that 50% of IT professionals in Irish businesses fear a nation state cyber warfare attack

Data Solutions, the leading Irish distributor for IT solutions, has revealed the results of its survey which found that half of IT decision makers within Irish businesses are concerned that nation state cyber warfare, such as the Sony hack, may become a threat to their business. Just 4% of Irish businesses are not at all worried about a nation state cyber warfare attack. The survey was carried out among 171 senior IT decision makers in Irish businesses during March, 2015.

The survey found that 22% of IT professionals believe operations and production departments pose the biggest information security concern. The sales department and IT department were next at 20% and 19% respectively.

More than 40% of respondents blamed a lack of IT security knowledge or information for cyber security risk. About one third said the internal use of social media, personal devices or applications by employees was an information security risk to the business. One fifth of respondents highlighted  downloading of malicious files and a lack of effective security technologies or tools to protect the organisation against cyber-attacks, as the main cause of cybersecurity risk.

More than one third of senior IT decision makers believe the average IT user does not understand the risk of information security to the business. Greater than 50% of respondents believe their company does not provide enough IT security information  to non-IT staff. When it comes to responsibility, 70% of senior IT decision makers believe the average IT user passes the responsibility to the IT department. Almost 45% of respondents believe the average IT user within an Irish business does not take enough responsibility for IT security.

The majority (65%) of IT decision makers in Irish businesses said insiders pose the greatest security threat to business. Thirty-five per cent of respondents believe an outsider; either former staff, suppliers, criminals or others with malicious intent; is the most likely source of information security breach.
In excess of 42% of Irish businesses are concerned about compromised third party suppliers being a security breach, however almost half of Irish businesses don't know whether their suppliers have information security policy which would in turn protect their organisation against attack.

While 91% of IT decision makers in Irish businesses are most concerned about data loss or disclosure in the event of a cyberattack, 60% are worried about data destruction, 56% about insider misuse and 50% are worried about phishing. Eighty two per cent of the respondents are worried about social media, web application attacks and internet of things resulting in cyberattacks on their business.

Denial of service (DDoS) attacks, flaws in commonly used platforms, such as Heartbleed, and social engineering are also huge concerns for Irish businesses.

David Keating, security sales manager, Data Solutions, said, "Cyber warfare does not have geographical boundaries. Every internet connected business across the globe is a potential target, or a stepping stone to the real target. There are already many examples of malicious attacks who have reached their ultimate goal, whether financial or political, by compromising an intermediate business first. Ireland has digital ties to many of the largest organisations in the world and we cannot assume we are safe from attack.

"When it comes to cybersecurity risk, there is clearly a lack of information among non-IT users in Irish businesses and a need for education. The IT department may have security measures in place, but the user needs to be aware of factors that indicate a cyber-security risk in the first place in order to flag a concern. IT can then step in using tools that safely assess the risk.

"We are also seeing a growing concern among Irish businesses on the use of social media platforms and cloud-based solutions. The Third Platform brings with it new cybersecurity risks. Historically, Irish businesses have used IT applications and systems that were introduced by the business itself. Now, with the advent of IT consumerisation, users are bringing systems into the business, sometimes without the knowledge of the business.

"For example, a user might email a document to their home email account to work on it at a later stage. This is great for productivity but potentially puts very sensitive information at risk. If the IT department is made aware of this practice, they can deploy tools such as Check Point Capsule that can be used to access data the worker needs, but to do so in a secure way."

The full results of the survey will be presented at Data Solutions' Secure Computing Forum which will be held in The Light House Cinema in Smithfield, Dublin on 14th May. A limited number of free tickets remain for this, Ireland's largest annual conference dedicated to IT security.