Feeds

IT Security: Podium place or first round shame?

The Reg Readers have spoken

  • alert
  • submit to reddit

Top three mobile application threats

Tech Panel The results of our Security Poll are in, and like medal-toting 'Team GB', they show that being game counts a lot. The entire report is now available for consumption over in our whitepaper library - grab your very own copy today.

A big thanks to the 1,100 fine folk who took part in the poll, the warm up to our forthcoming Security Debate in September. You told us straight up that IT security remains an important issue. However, it’s clear that between organisations, IT security practices vary considerably.

In fact, leaving technology aside and concentrating on some behavioural and attitudinal attributes highlighted some serious differences. We separated out the two extremes: organisations scoring very high or very low on levels of security awareness and availability of training, and how seriously IT security is taken by senior management, the workforce and the IT department. Then we compared the socks off them.

So was it worth it? Yessirree.

Broadly speaking, the leader group considers itself to be much better protected against a range of security threats. There’s a certain level of confidence generated by being up for it, it seems.

But does it make any actual difference? Well, yes, especially in more complex risk areas such as website defacement or corruption, where we found the laggards to be three times more likely to suffer.

Continuing the leaders and laggards theme, a number of other ‘good behaviours’, in policy, communication and tooling became clear.

While IT security policy across the sample is all over the place, leaders are twice as likely to have a comprehensive policy in place. When it comes to tools in use, it seems that being up for it includes being far more likely to be getting to grips with some of the more complex IT security solutions – vulnerability testing, intrusion protection, event management and behavioural analysis - to name a few.

But what spark, or otherwise, separates the leaders from the rest?

A big clue lies in the degree of communication. You’ll like this, because it supports the ‘we’re not bloody mind readers’ angle that IT often has to take with the business. Essentially, the leaders understand that IT isn’t a bloody mind reader, and have thus got better at prioritising the risks their businesses face, and at communicating them to IT. Furthermore, they are streets ahead when it comes to communicating all this to the workforce. These rather simple capabilities could be a fundamental reason for the chasm between the effectiveness of the leaders and the laggards.

Ultimately, it will always be worth reviewing the IT security situation in any organisation and determining what improvements can be made. This is particularly true when it comes to communication, as time and again we see that ‘the threat within’ ranks higher as a risk factor than any other issue.

Whether you feel like a leader, laggard or inbetweener, if you have something to learn or something to share, sign up for the Security Debate 24 Sept and come and have your say.

In the meantime, our shiny new report based on the findings from the study will further whet your appetite, so grab a copy today. ®

3 Big data security analytics techniques

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.