Feeds

IT Security: Podium place or first round shame?

The Reg Readers have spoken

  • alert
  • submit to reddit

Remote control for virtualized desktops

Tech Panel The results of our Security Poll are in, and like medal-toting 'Team GB', they show that being game counts a lot. The entire report is now available for consumption over in our whitepaper library - grab your very own copy today.

A big thanks to the 1,100 fine folk who took part in the poll, the warm up to our forthcoming Security Debate in September. You told us straight up that IT security remains an important issue. However, it’s clear that between organisations, IT security practices vary considerably.

In fact, leaving technology aside and concentrating on some behavioural and attitudinal attributes highlighted some serious differences. We separated out the two extremes: organisations scoring very high or very low on levels of security awareness and availability of training, and how seriously IT security is taken by senior management, the workforce and the IT department. Then we compared the socks off them.

So was it worth it? Yessirree.

Broadly speaking, the leader group considers itself to be much better protected against a range of security threats. There’s a certain level of confidence generated by being up for it, it seems.

But does it make any actual difference? Well, yes, especially in more complex risk areas such as website defacement or corruption, where we found the laggards to be three times more likely to suffer.

Continuing the leaders and laggards theme, a number of other ‘good behaviours’, in policy, communication and tooling became clear.

While IT security policy across the sample is all over the place, leaders are twice as likely to have a comprehensive policy in place. When it comes to tools in use, it seems that being up for it includes being far more likely to be getting to grips with some of the more complex IT security solutions – vulnerability testing, intrusion protection, event management and behavioural analysis - to name a few.

But what spark, or otherwise, separates the leaders from the rest?

A big clue lies in the degree of communication. You’ll like this, because it supports the ‘we’re not bloody mind readers’ angle that IT often has to take with the business. Essentially, the leaders understand that IT isn’t a bloody mind reader, and have thus got better at prioritising the risks their businesses face, and at communicating them to IT. Furthermore, they are streets ahead when it comes to communicating all this to the workforce. These rather simple capabilities could be a fundamental reason for the chasm between the effectiveness of the leaders and the laggards.

Ultimately, it will always be worth reviewing the IT security situation in any organisation and determining what improvements can be made. This is particularly true when it comes to communication, as time and again we see that ‘the threat within’ ranks higher as a risk factor than any other issue.

Whether you feel like a leader, laggard or inbetweener, if you have something to learn or something to share, sign up for the Security Debate 24 Sept and come and have your say.

In the meantime, our shiny new report based on the findings from the study will further whet your appetite, so grab a copy today. ®

Internet Security Threat Report 2014

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?