Almost half (47%) of UK chief information officers (CIOs) expect to appoint additional IT security personnel to their teams this year, according to a report from Robert Half Technology.
The report found that the majority (78%) of CIOs are concerned about the potential security threats of open plan offices, with the biggest perceived threat cited (by 49% of CIOs) being employees or third parties overhearing sensitive information. The second biggest threat (37%) mentioned was employees or third parties viewing sensitive information.
However, these fears may be misplaced, according to Jeremy Bergsman, practice leader at technology consultancy CEB. “Most breaches are due to external attacks or employee mistakes, not malicious workers,” he told HR magazine. “Even where malicious employees are the source of attacks, an open office plan does not make attacks that much easier. The main risk is when staff have access rights to systems that they don’t need, or their access rights are not removed when they change job roles or leave the company.
“Virtually all advanced attacks of the type one reads about in the news start by tricking an employee into making a mistake such as clicking a link in a 'phishing' email, or opening an email attachment that contains a virus,” he added.
In the research, 45% of respondents said that they would enhance cloud security in 2015, while almost a third (29%) predict that they will enhance or implement mobile device security.
But Bergsman explained that, once again, fears here can be misplaced. “We see a lot of concern over use of the cloud by chief information security officers, but often people misunderstand where the risk of the cloud lies,” he said. “Mature cloud vendors have much better information security protections than almost any company. The two main information risks with use of the cloud are small start-up cloud vendors that are not ready to meet large enterprise security needs, and the financial health of cloud vendors.”
Director of Robert Half Technology Neil Owen said that businesses of all sizes need to recognise the importance of IT security; to ward against the kind of external threats outlined above. He explained that attracting talented IT security specialists will be key.
“Increased investment in cloud and mobile security by organisations is following hard on the heels of greater take-up of those technology platforms, so IT security professionals with specialist skills and experience will be most in demand,” he said. “It will be important for businesses to provide attractive remuneration packages along with an innovative, technically challenging environment in order to attract the best candidates.”
Hugh Boyes, cyber security lead from the Institution of Engineering and Technology added that where internal attacks are a concern, HR can play a key role screening job candidates.
“This is one area where HR managers can make a huge difference,” he said. “Screening key candidates to see if they have previously been dismissed for trust issues, or if they have a criminal record, could help prevent deliberate data leaks from happening from within.”
