There has been a significant increase in boardroom pressure on IT security departments, as board members become aware of targeted and DDoS attacks.
According to research by Fortinet of 1,600 IT decision makers across 15 countries, 63 per cent had experienced greater interest from the board. However the growing awareness of IT security within the boardroom was also cited as a major contributor to making the IT security job more difficult, with three-quarters rating awareness of senior management as ‘high’ or ‘very high’.
Rupert Clayson, regional director for UK and Ireland for Fortnet, told IT Security Guru that there is a lot of awareness of IT and of damaging brands and the cost of it, and it is not just the IT guys who are worried.
He said: “There is pressure outside and inside the organization that needs to be addressed. We have seen almost a 20 per cent increase in ‘high’ or ‘very high’ pressure and many said that a reason for the pressure was targeted attacks.
“Papers are looking for stories and attackers have the time and money to invest in it. You don’t know if you have been breached but there may have been technology in place for years but users don’t know what they are looking for.”
Clayson said that the number one priority for the board is avoiding brand damage but for IT this was less of a concern, so there was a distinct disconnect. “The boardroom will be thinking ‘we must not be breached’ but IT will say ‘how do we mitigate against that breach’.”
Elsewhere, 88 per cent of respondents believe that the job of keeping the organisation secure has become more challenging with advanced threats.
Additionally 53 per cent of respondents said that they had slowed down or cancelled a new application, service or other business initiative because fears that their security would not be able to cope. Clayson said that the most common project to be a victim was mobile, followed by public applications, cloud-based services and BYOD.
He said: “Consumerisation caught everyone by surprise – could everyone support iPads when they were brought in? Some could support apps and services, but the user experience was rubbish and people find another way around it.”