An Irish data security survey conducted in December 2015 has revealed that a third of Irish companies have suffered a data breach in the past 12 months, highlighting the need for Irish companies to improve their security posture.
ICS Irish data security survey indicates employees are the biggest risk
150 IT security professionals took part in the Irish Computer Society survey with 33% claiming their employer had suffered a data breach in the past 12 months. In 71% of cases, the data breaches occurred as a result of the actions of staff members.
Perhaps unsurprisingly, given the number of inadvertent data breaches that had been caused by staff members, 45% of respondents cited employee negligence as being the biggest single data security threat they faced. Protecting networks from errors made by employees is going to be one of the biggest security challenges faced by Irish IT professionals in 2016.
Other major security concerns highlighted by respondents included the increasing number of end user devices that are being used to store sensitive data, and the increasing threat of cyberattacks by hackers.
Improving security posture by tackling the issue of employee negligence
Employees are the weakest link in the security chain, but that is unlikely to change unless less technical members of staff are provided with training. It is essential that they are advised of the risk of cyberattacks and what they can personally do to lessen the chance of a data breach occurring. In many cases, some of the most fundamental data security measures are not so much ignored, but are just not understood by some members of staff.
It may be common knowledge, for instance, that 123456 does not make a very secure password, that email attachments from strangers should not be opened, and that links to funny videos of cats on social media networks might not turn out to be as innocuous as they seem.
Tackling the issue of (dare we say) employee data security stupidity is essential. It is far better to do this before a breach is suffered than afterwards. Proactive steps must be taken to improve understanding of cybersecurity risks, and what employees can do to reduce those risks.
ICS Irish data security survey respondents indicated the best way of improving data protection knowledge is by conducting formal training sessions. 57% of respondents said this was the best approach to deal with data security knowledge gaps.
Fortunately, the level of training being provided to staff is increasing, not only for end users but also data security staff. However, there is clearly still a long way to go. Only 56% of respondents said they had received the right level of training on how to achieve the objectives set by their organizations.
The full findings of the Irish data security survey will be made available at the Association of Data Protection Officers National Data Protection Conference, taking place on January 27/28 in Ballsbridge, Dublin.