33% of respondents said their primary focus was on stopping external cyber-attacks on their networks, such as hacking, Distributed Denial of Service (DDoS) attacks on websites, and malware, while 26% said their main challenge was preventing inadvertent data losses by employees.
Other main challenges cited in the survey of 320 UK IT professionals were enforcing security policies with employees (16%), ensuring adherence to regulatory or compliance mandates (16%), and cutting security complexity and costs (9%).
When asked about the single IT security issue that currently worried them the most, respondents’ answers mapped closely to their biggest perceived security challenges. 41% said that preventing external cyber-attacks – such as hacking or DDoS attacks – and malware infections was their main worry, closely followed by stopping data leaks or theft (34%). Securing remote access was cited by 12% of those surveyed, and controlling staff use of web and social media resources by 5%.
Employee awareness of security policies and good security practice is taking an increasingly prominent role in maintaining network and data security. 29% of those surveyed felt staff within their organisations had high awareness of their security policies; 44% said that security policy awareness was moderate, and just 27% said that staff had little or no awareness.
In terms of security awareness at different levels within their company, respondents felt that board-level executives were almost as likely to cause a network or data security issue as clerical and administrative staff (25% versus 26%). Middle-management employees were rated as a lower risk of causing an event (18%), while external consultants and partners were rated as presenting the lowest overall risk (15%).
Terry Greer-King, UK managing director for Check Point, said: “Earlier this year, we found that UK companies were reporting an average of 68 new security attacks every week, and that successful incidents were costing around £150,000 each. As a result, companies are obviously concerned about mitigating their risk of exposure to external cyberattacks, such as hacking, denial of service, or malware, and focusing their security efforts on this.
“It’s also interesting to see that IT professionals are increasingly acknowledging the role of employees in maintaining security, reducing the risks of targeted attacks such as spear-phishing and stopping inadvertent data leaks. These issues need to be addressed by a combination of education and technology so that organisations can protect their data, their business and employees against the risks of security breaches.”
Survey respondents were concerned about their vulnerability to attacks by APTs, bots and other forms of malware infection, with 42% saying they were not confident that their networks were infection-free. 46% were reasonably confident of their networks having no infections; just 12% were completely confident of zero infections on their networks.
To cut the risks of exposure to cyberattacks, and to stop threats spreading, companies should identify their critical network assets and data, and enforce multi-layered threat prevention. This includes proactive education of employees, and interactive security policy enforcement to alert users and help to stop incidents in real time.
The Check Point survey gauged the opinions of 320 IT and infosecurity professionals across a wide range of UK companies from the public and private sectors.