IT security in Irish firms pushed to the limits

More than three-quarters of senior leaders in large Irish firms are worried about digital threats, lax attitudes to IT security among staff, and doubt their defences.

According to new research from Microsoft only one in four are confident they can respond to any security incident effectively.

Not only that but 76pc of employers worry about risky behaviours from their employees.

“A gap exists between organisations’ view of how secure they feel they are, versus the reality where their organisational security habits are leaving them open to data loss or hacking”

The majority would welcome alternatives to passwords and top concerns are are inadequate password and security practices (62pc), ransomware attacks (59pc), growing sophistication of cyberthreats (56pc), and loss of data through theft or sabotage (50pc).

This research was conducted by Amarach across 200 decision makers who work for organisations that employ upwards of 250 staff.  This research follows on from Microsoft research in 2019 that looked at employees’ security habits. Both sets of research together provide both the employee and then the employer perspectives on the state of cybersecurity in Ireland.

Battered defences

“Organisations face an ever-escalating threat from cyber-attack that is pushing organisations IT security to their limits. As a result, organisations can investigate 56pc of the security alerts they receive daily,” said Des Ryan, Solutions Director, Microsoft Ireland.

“The research shows that senior management in large organisations are worried about protecting their organisation, as new technologies transform their industry. A gap exists between organisations’ view of how secure they feel they are, versus the reality where their organisational security habits are leaving them open to data loss or hacking.”

Ryan said that iterative security policies and poorly implemented planning have spawned some bad employer habits.

“Organisations must now ensure they are taking a considered approach to data security, and embrace new procedures and technologies, coupled with consistent training, enforced policies, along with better device upgrades to enable employees to deliver the productivity needed for successful transformation with a minimum of risk to the organisation.”

Poor response to changes like cloud and remote working

This year’s research focuses on four key areas of cyber risk: Identity Access Management, Threat Protection, Information Protection and Security Management.  

Only one in four organisations fully believe they are well secured against cyber threats. When it comes to security management, only three in 10 of senior IT decision makers completely agree they have a clear strategy for protecting and managing sensitive information.

The majority (70pc) of large Irish firms have experienced problems with phishing, hacking, cyber-fraud, or other cyber-attacks. Despite this, approximately the same number (69pc) are not planning to hire additional staff with cyber-security expertise. Of the 31pc who are planning to bring on additional cyber-security staff, over half (54pc) are finding it challenging to find the right candidate.

Senior management reported the challenges of managing staff, remote working access management, and personal devices in the workplace. The research showed that overall, seven in 10 (69pc) organisations don’t allow employee access to their network from a personal or non-work device. In stark contrast, the 2019 employee research showed that 49pc of employees use their personal email when working remotely, potentially exposing their organisation to a data breach as they bypass their organisation’s security measures.

However, over a third (36pc) of large Irish firms who have experienced a cyber-attack continue to allow their staff full access from personal and mobile devices.

When working from home, the vast majority of organisations restrict employee access to documents and other information. However, in organisations employing over 500 staff, nearly a quarter (24pc) of organisations do not put any restrictions on employees’ access when working from home.

When it came to using cloud computing as a solution to addressing large organisations IT challenges, 46pc of Irish organisations’ senior decision makers felt they had no security concerns moving their data or systems to the cloud.

“We have been focused on transforming our cybersecurity strategy to identify and minimise risk across the organisation,” said Stephen Parsons, head of Information Security at SISK Group.

“The benefit of this is that we can streamline and simplify employee access to our network and automatically enforce policies to identify suspicious activity. This has served to eliminate recurring issues and risky behaviour and simplify security management across the organisation. As a result, we have increased both our productivity and confidence when it comes to compliance demands either legal or from our prospective or existing clients.”

Written by John Kennedy (john.kennedy3@boi.com)

Published: 20 February, 2020