New research finds the likes of CERT-UK also had an influence on IT departments’ policies and strategy, but are individual employees hearing the message?
New research released today reveals that 45% of IT professionals feel Government initiatives like CERT-UK and Operation Waking Shark II have actively helped them raise awareness of cybersecurity to senior management. The research, conducted by cybersecurity service provider SecureData and Vanson Bourne, investigated the impact Government security initiatives had on end-user organisations in 2014, with nearly half (47%) reporting that initiatives have helped them communicate the importance of security across their organisation. Over a third (39%) of participants also stated that they had used the insights from such initiatives to define IT security standards and policies, with a quarter (24%) using information garnered from them to set security strategies. More work needed But despite this obvious degree of influence, not all IT professionals feel Government initiatives have had such a positive influence. Nearly a quarter (23%) said that these initiatives have gone largely unnoticed within their organisation, with 34% also divulging that they haven’t used the insights of CERT-UK in any way. 35% still see professional bodies like IISC or ISC2 as their primary source for security insights as opposed to only 13% who have sought information from the likes of CERT-UK, while a quarter (25%) rely on input from vendors/service providers. Meanwhile, only 26% of IT pros said initiatives had directly encouraged individual employees to consider IT security more closely. Smaller organisations also saw a reduced impact from security initiatives. While fewer than a fifth (18%) of organisations with over 3,000 employees saw Government initiatives go unnoticed, this was true for almost a third (28%) of smaller firms. Commenting on the findings, Alan Carter, cloud services director at SecureData said: “While government initiatives have clearly had a positive impact on IT security over all, there’s still some way to go. Although initiatives clearly grab c-level attention in major enterprises, they are far less effective at raising awareness in smaller organisations or amongst individual employees. If we want security insights to resonate outside the boardroom, we need to look beyond Government programmes.??? Retail falling behind Despite recent high-profile breaches in retailers like Target, the Retail sector is also seeing the fewest benefits from Government security initiatives. A third (32%) of Retail IT pros said initiatives had gone largely unnoticed, while 44% had not used the results in any way and only 4% saw them as an important source of security insights. Carter continues: “We need to ask if one-off stress-testing exercises are the best approach to raising security awareness. By placing the emphasis on responding to attacks, initiatives struggle to convey the need for a complete approach to the security spectrum. Without insights into how to assess risks, detect threats and protect assets before an attack, these exercises become more a measure of the industry’s pulse than a source of valuable strategic advice.???