Half of companies worldwide lack knowledge about potential security threats they may face, a global IT risks survey has revealed.
Almost a third of more than 3,000 IT professionals, including 200 from the UK, polled by security firm Kaspersky Lab, admitted they had never heard of any of the cyber epidemics that recently posed direct threats to their organisations.
A further 58% highlighted a lack of resources into both staffing and improving IT security systems, reducing the organisations' ability to cope with cyber security threats. This was mainly due to poor understanding among senior managers of the reasons why IT departments exist.
The survey also revealed that 35% of companies have insufficient personnel trained to deal with IT threats.
According to Kaspersky Lab, this problem cannot be dealt with simply by hiring new employees; existing staff also need to be educated.
Teaching staff the basics of IT security should be no less important than installing the latest software
Kaspersky Lab
The research report said this is emphasised by the low level of computer literacy among employees, which can lead to confidential information leakages, and to the infection – or even total disablement – of a company’s IT infrastructure.
The report concludes that teaching staff the basics of IT security should be no less important than installing the latest security software.
Commenting on the survey’s findings, Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, said: “Companies should not underestimate global cyber threats.”
He said although organisations are starting to take this issue seriously and have increased the proportion of IT staff dedicated to security to around 40%, these people are not always sufficiently trained and competent to protect businesses from the most pertinent threats.
More on security awareness Top cyber threats underline need for security awareness Security awareness training made easy IT security awareness needs to be company-wide, says (ISC)2 How to begin corporate security awareness training for executives
“Increasing the level of computer literacy among staff is an essential element of security, while senior management needs to be fully aware of the potential consequences of cyber threats and understand that reliable protection of the corporate network is vital in ensuring the effective development of a company’s IT infrastructure,” said Kaspersky.
IT security, he said, is important not only to individual companies, but to whole economies, because cyber criminals can destroy the normal business environment; they could prevent future global development and bring on economic and even political collapse.
“We are here to stop this happening, and are confident of doing so,” said Kaspersky.
