November 21, 2012 By D. Craig MacCormack
More than half of the 875-plus respondents to CompTIA’s 10th annual Information Security Trends Survey say they remain concerned about hacking, phishing, malware, viruses and other potential threats to their networks.
One of the other major trends in this year’s survey, says CompTIA director of technology analysis Seth Robinson, is the continued need for education of end users, many of whom still struggle to understand how to keep their information safe. The problems have multiplied, it seems, as companies continue to allow employees to use company-funded mobile devices and as cloud computing and social media expand.
“When you give these devices out, you’re really placing some trust in the hands of the end users,” says Robinson. “There’s a need to raise the level of awareness and that doesn’t mean hold one training session and be done with it. The landscape is changing so sufficiently, you really need to have some sort of ongoing training.”
Robinson suggests companies initiate simulated “attacks” on their networks, track the results and, once the exercises end, report to employees how many people clicked on the phishing link or otherwise compromised the security of sensitive information.
Some companies, he says, may pick and choose what information should go on the cloud and what information should remain in-house.
“As the complexity of technology goes up, there are more chances of security issues,” says Robinson.
Growing In Importance
Four out of five companies expect to keep security as a high priority over the next two years, with large companies more likely to do so than their small and medium counterparts.
“Spending on security products shows no signs of abating, but a comprehensive security solution also must focus on the end users,” Robinson said. “It boils down to policies, processes and people, making every user aware of their responsibilities for security.”
Another key aspect of improving security, says Robinson, is a better working relationship between management and IT staffers, as the issues now touch on both sides of the aisle.
“Security can’t just be the domain of the IT department anymore,” he says. “Everyone needs to get up to speed on keeping an eye on what’s going on.”
Security and IT integrators could become the beneficiaries of the increasing push in many companies for more cloud computing and managed services offerings, where the company has its network and information watched by someone with more knowledge of potential threats and how to eliminate them.
Although the corporate setting is most often associated with security breaches and issues, restaurants and hotels “are collecting more and more data every day,” says Robinson, and utilities with smart meters need to be encrypted.
Medical facilities are another prime target for hackers, who are always trying to stay one step ahead of the security measures, he says.
“Even if there’s not an obvious threat, they’re always working on something new,” says Robinson.