Prioritization of Security Fundamentals Such as Employee Education Lacking According to Respondents
Patrice Perche, senior executive vice president, worldwide sales and support at Fortinet
“ITDMs continue to prioritize the maintenance and upgrade of their cybersecurity solutions in an attempt to combat today’s cybersecurity adversaries. Although important, other security best practices within their broader cyber and technology strategy are still missed opportunities. In particular, the urgency to prioritize security hygiene, educate with broader awareness, or implement security approaches that leverage automation, integration, and strategic segmentation, is critical to defend against the highly damaging Internet attacks possible in our near future.”
Fortinet has revealed additional findings from its Global Enterprise Security Survey. According to the research, 51% of Australian IT decision makers (ITDMs) at 250+ employee organizations around the world are confident in their cybersecurity posture, despite 82% of organizations being breached in the past two years. In addition, 83% believe they are doing better than their peers with regard to cybersecurity, while only 7% believe they are lagging behind. The research is a reminder of the importance of employing cybersecurity best practices and fundamentals as well as the urgency to avoid complacency in defending against cyberattacks.
Complacency despite clear concerns
Respondents reveal that 31% of breaches experienced in the last two years were the result of social engineering, ransomware and email phishing. In 2018, 70% of businesses are planning programmes to educate employees in IT security, reflecting a growing awareness that breaches are caused by carelessness and ignorance as much as maliciousness.
Another top concern for organizations is protecting access to the network. Under half (46%) of ITDMs feel confident that they have full visibility and control of all devices with network access. A similar level of 48% of ITDMs feel confident that they have full visibility of the access level of all third parties who frequently have access to networks, while 54% of ITDMs feel confident that they have full visibility and control of all employees. This lack of confidence in network visibility suggests that this is an area that should be treated as a top concern for organizations. Yet, basic security measures like network segmentation are only being planned by 29% of Australian businesses in 2018. Without network segmentation, malware entering a network will often be left to spread.
Employee knowledge key for security in organizations
When asked what they would have done differently over their career in security, 37% of Australian ITDMs wish they had invested more in employee security awareness training to prevent a security breach. Educating users can lessen the chance that they become victims of an intrusion attempt that targets one of the weakest links in the cybersecurity chain: employees themselves.
In 75% of breach incidents in Australia, in the first instance the board blames the IT department – either a specific individual (35%) or the department as a whole (40%). Employees outside the IT department get blamed in 30% of breach incidents, even though they’re often recognized as the weakest link. The IT department can no longer be the only one responsible when it comes to a breach. BYOD and IoT, the use of cloud-based applications, and shadow IT, all extend the security responsibility to the broader organization – and employees.
Balanced Cybersecurity Investment Priorities Are Critical
In 2017, Australian ITDMs ranked the following as their No. 1 priority:
- 32% – New security solutions and services
- 25% – Upgrading security solutions
- 20% – Implementing security policies and process
- 15% – Employee training
- 4% – Auditing and assessment
Continued technological investment allows businesses to keep pace with malicious attacks and prepare for them by implementing a comprehensive security solution. Investments in new and upgraded security solutions will continue in 2018, but 40% of Australian respondents also reveal that investments towards employee training will become one of the top 3 investment priorities.
The 2017 Fortinet Global Enterprise Security Survey was undertaken on behalf of Fortinet by independent market research company Loudhouse to examine the changing attitudes towards security in business in July/August 2017. The global survey of IT decision makers with responsibility/visibility of IT security received 1,801 anonymized respondents across 16 countries (US, Canada, France, UK, Germany, Spain, Italy, Middle East, South Africa, Poland, Korea, Australia, Singapore, India, Hong Kong, Indonesia). Respondents to the online questionnaire were not aware of the purpose or sponsor of the report.
Fortinet secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 330,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.