IT staff are too thinly spread to fight cybercrime: ISACA

IT staff are too thinly spread to fight cybercrime: ISACA

Summary: Oceanic firms are having to fight off more security breaches than others, with not enough staff and having them spread across slow projects.

SHARE:
2

Businesses in the Oceanic region are having to fight off more security breaches than the rest of the world, with only insufficient and thinly-stretched staff in place, in many cases.

These findings come from the ISACA 2012 Governance of Enterprise IT survey, which looked at over 3700 businesses, 65 of which were from Australia and New Zealand.

ISACA Security infographic
Top network challenges, globally.
(Credit: ISACA)

It found that Oceanic organisations were more likely to have had a security breach than those in the rest of the world. About 29 per cent of responding Australian and New Zealand organisations reported having had a security breach in the past 12 months, compared to the global figure of 22 per cent. Privacy breaches were slightly less than the 12 per cent global average, at 10 per cent.

This may be due to Oceanic organisations being overly concerned about privacy issues, ranking data leakage as the top concern in network security for the next 12 months. About 19 per cent rated it as a top concern, followed by 17 per cent who were worried about inadvertent employee mistakes and 15 per cent about incidents relating to employees' personal devices. Cloud computing and cyber attacks ranked lowest, in terms of the most likely challenge to a network's security, at 12 and 11 per cent, respectively.

"Data collection is increasing at such a rapid rate that it's not surprising that there is a level of concern among industry professionals around how to keep all company information secure,” said ISACA director Jo Stewart-Rattray.

"All organisations need to ensure that there are adequate security frameworks and guidelines in place to keep proprietary and sensitive company data secure."

But this might be difficult, given that a majority of companies are also facing an IT shortage. About 54 per cent of Oceanic organisations ran into problems in finding necessary staff. Additionally, Oceanic businesses had staff stretched out across projects for longer than necessary, with 57 per cent stating they ran into the problem of project overrun. This was higher than the global average of 48 per cent.

ISACA vice president Tony Hayes warned that staffing issues could spell disaster for an already thinly spread company, in the event of a security or other IT incidents.

"When a major issue breaks, it can be extremely damaging to a company, and the business consequences can range from being troubling to catastrophic. I urge all organisations to review their IT departments on a regular basis, to ensure they are well equipped in terms of staffing levels and training."

Topics: IT Employment, Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • It's not that hard

    Reasonably savvy computer people know that the standard issue methods for beefing up cybersecurity are labor intensive and finicky, hence inevitably prone to bugs and human error, and therefore almost guaranteeing security problems since hackers and virus writers are now very, very quick to exploit any vulnerability, however accidental or transient. Australia at least has some notable cybersecurity research going on especially in regards to honeypots and honeynets, so it wouldn't be *that* hard to have somone take lead and come up with a simple, constantly updated checklist of the most straightforward and cost & labor efficient methods, including recommended software, to better secure businesses, government agencies, and even individual home computers and mobile devices.
    JustCallMeBC
  • Top 35 Strategies to Mitigate Targeted Cyber Intrusions

    Somone has taken the lead and come up with a simple, constantly updated checklist of the most straightforward and cost & labor efficient methods. It doesn't recommend software, but thats not to hard to find.
    Its called the Top 35 Strategies to Mitigate Targeted Cyber Intrusions and its produced by the Defence Signals Directorate.
    http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
    dentz