TRENDING
As IT defenders are faced with the increasing
sophistication of adversaries, 44% of the IT
professionals surveyed in the report expect
DDoS attacks to increase over the next year
and 70% expect overall cyberattacks to
increase or remain the same.
However, 37% of employees surveyed say
they aren’t familiar with what a DDoS attack
is – with 11% not knowing if they’ve been
victimised themselves – which makes it
hard to protect someone when they aren’t
familiar with the dangers or how to prevent
attacks in the first place.
The diverse variety of cyberattacks is
also cause for concern. On the topic of
ransomware, 22% of IT decision-makers say
their company has been the victim at least
once, and an additional 26% believe it is
probable, but ultimately unknown, that their
company has been a victim. This equates to
nearly half of the industry either having been
victimised by ransomware, or not aware if they
are already vulnerable to a looming attack.
Help for IT professionals is on the way
Perhaps as a direct correlation to the rise
of these attacks, the survey revealed that
63% of IT professionals believe their overall
IT and security budget needs to increase.
Additionally, 36% of IT departments are
looking to grow their security teams. Security
is the top hiring focus, followed by the
applications team.
Who’s responsible for app security?
More than half (55%) of employees expect
the use of business apps to increase, increasing
the odds these devices may become part of
a larger DDoS attack, which can bring entire
businesses to a screeching halt.
But who is ultimately responsible for protecting
employees who use non-sanctioned apps at
work? App developers, IT departments and
end-users are at odds over who is responsible
for application security and best practices
regarding the many apps on the phones of
employees. With employees, responsibility is
low: only 41% claim ownership for the security
and protection of non-business apps they use.
And who is that ‘someone else’ who
should be protecting users’ apps in the
workplace? Employees think security should
be provided by the app developers (20%),
service providers (17%) and their IT
department (16%).
But if you ask IT decision-makers who
is internally responsible, one third say
the security team is most responsible for
protecting employees’ identity and personal
information, followed by the CIO or VP
(17%) of the company and 15% state
‘the whole IT department’. Additional AIR
findings include:
Employee behaviour towards the use
of banned apps or sites at work
• It’s an accepted fact that companies
can block apps and websites at work
– 85% of employees find this practice
acceptable
• However, only 61% of employees claim
their companies actually block specific
sites or apps
• A total of 30% of employees surveyed
knowingly use non-sanctioned apps
• A total of 10% don’t know if the apps they
use at work are banned or not
• Of those who use non-sanctioned apps
51% claim ‘everybody does it’, while
36% of employees believe their IT
department doesn’t have the right to tell
them what apps they can’t use
• One third (33%) claims IT doesn’t give
them the apps needed to get the job done.
Perceived attitudes of employees and
thoughts on best practices:
• Almost a quarter (23%) of IT
decision-makers think there will be no
improvement in security behaviour
at their company, but 75% think
optimistically that there will be
• 88% of IT heads say employees need
better education on best security practices
• IT decision-makers say their top
recommended password policy is updating
passwords regularly (76%) followed by
choosing different passwords for different
systems (59%), and two-factor or multi-factor
authentication (53%)
• Password policies are communicated
to employees through email reminders
(66%), followed by employee orientation
(50%), internal meetings (48%) and
communication from a manager (44%)
Challenges and needs of IT
• When protecting their company, the
biggest challenge noted by IT professionals
is lack of corporate commitment to policy
and enforcement (29%).
• 41% of IT leaders are only slightly
optimistic about their ability to stop
threats and protect their company.
This data is consistent with a recent A10
Networks report that found the average
company suffers 15 DDoS attacks per year,
with average attacks causing at least 17
hours of effective downtime, including
slowdowns, denied customer access or
crashes. Attacks are also getting harder to
defend, with average peak bandwidths of 30
to 40 gigabits per second (Gbps) and many
exceeding that mark.
www.intelligentcio.com