If you read my blog regularly, I’m going to make the assumption that network security is important to you and your company. If so, congratulations (and if not, I sure hope you are thinking more about security issues than you have in the past).
It is good to be taking steps to make your network secure from both inside and outside threats and, if asked, you should feel confident that the security plan you have put in place is effective enough to protect you from a wide variety of potential incidents.
However, just because you have a good security plan doesn’t mean you are immune to a cyber attack or a breach. Yet, a vast majority of businesses in the technology, media and telecommunications (TMT) industries think just that. According to a study released by Deloitte, 88 percent of TMTs don’t think they are vulnerable to an outsider attack and are so confident that less than half have a security-response plan in place. This attitude lingers despite the fact that 59 percent of companies admitted to being the victim of a security threat within the past year.
Six years ago, when Deloitte first conducted its Global TMT Security Study, these were attitudes I could – maybe – understand. Cyber security was really just coming to the forefront in mainstream dialogue, and companies were finally starting to come to grips with the need to do a better job protecting themselves. But as we enter 2013, cyber security isn’t the new kid on the block anymore, and corporate entities of all sizes should be more aware of the risks out there. And yet, even those companies that have seen security threats up close and personal still want to bury their heads in the sand.
Seventy percent of those surveyed went on to admit that they believe their employees are the top threat due to a lack of security awareness (but not surprisingly, only 48 percent provide some type of training). I’ve long been a proponent of education as the best way to tackle security, but education is only going to work if it is actually provided.
Someone mentioned to me yesterday that there is a need to get as much data as possible regarding security risks. I agree with that thought, but my response was how do you make sure the decision makers are going to pay attention to that information? It isn’t just the lower-level employees who need the education; it’s everyone. The Deloitte study shows just how desperately education is needed at the top level.