People are the biggest threat when it comes to enterprise cyber-security, not technology or processes. This is according to a new report by The Institute of Information Security Professionals (IISP), which says there are a couple of ways people are putting organizations at cyber risk.
The first, and most obvious one, is not being careful enough when opening links in emails, downloading attachments and visiting threat-carrying sites. The second one, less obvious, is the lack of technical skill. And finally, the third one, is the risk from senior business stakeholders making “poor critical decisions around strategy and budgets.”
Despite all of this, enterprise cyber-security seems to be getting better, as now five percent more companies feel better placed to deal with a breach or similar incident, compared to last year.
A rise in budget has been seen in 70 percent of companies (up from 67 percent), and seven percent have reported a decrease in budget, also down from 12 percent last year.
“The survey highlights the continued need for industry, government, academia and professional organizations like the IISP to continue to work hard to attract new entrants and younger people into the industry,” says Piers Wilson, author of the report and Director at the IISP. “This year, over 75 percent of respondents had a degree and over a third had a post graduate Masters Degree — an increase of over five percent, reflecting the increasing number of university programs. While this is very encouraging, we also need to develop other routes into the industry to harness talent from diverse backgrounds.”
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.
Image Credit: Goodluz / Shutterstock