People are the biggest threat when it comes to enterprise cyber-security, not technology or processes. This is according to a new report by The Institute of Information Security Professionals (IISP), which says there are a couple of ways people are putting organisations at cyber risk.
The first, and most obvious one, is not being careful enough when opening links in emails, downloading attachments and visiting threat-carrying sites. The second one, less obvious, is the lack of technical skill. And finally, the third one, is the risk from senior business stakeholders making 'poor critical decisions around strategy and budgets'.
Despite all of this, enterprise cyber-security seems to be getting better, as now five per cent more companies feel better placed to deal with a breach or similar incident, compared to last year.
A rise in budget has been seen in in 70 per cent of companies (up from 67 per cent), and seven per cent have reported a decrease in budget, also down from 12 per cent last year.
“The survey highlights the continued need for industry, government, academia and professional organisations like the IISP to continue to work hard to attract new entrants and younger people into the industry,” said Piers Wilson, author of the report and Director at the IISP. “This year, over 75% of respondents had a degree and over a third had a post graduate Masters Degree – an increase of over 5%, reflecting the increasing number of university programmes. While this is very encouraging, we also need to develop other routes into the industry to harness talent from diverse backgrounds.”
Image Credit: Den Rise / Shutterstock