A recent survey conducted by Protiviti and the Information Systems Audit and Control Association (ISACA) found that cyber security, privacy issues, infrastructure management and emerging technologies rank as the top IT challenges facing organizations today.
The annual survey—A Global Look at IT Audit Best Practices—gathered responses from over 1,000 IT audit professionals and focused on emerging technology, IT implementation, audits, risk assessments and hiring practices. Respondents were asked to name their greatest technology or business challenges.
The following were the top 10 responses:
- IT security, privacy and cyber security
- Infrastructure management
- Emerging technology and infrastructure changes
- Resource, staffing and skills challenges
- Regulatory compliance
- Budgets and controlling costs
- Cloud computing and virtualization
- Bridging IT and the business
- Project management and change management
- Third-party and vendor management
In order to protect themselves and stay current on emerging risks, experts recommend that organizations continually review the IT risk landscape and adjust IT audit plans accordingly.
The survey also found that, while 90 per cent of large organizations conducted an IT audit risk assessment, only a little more than half of them did so on an annual basis.
© Zywave, Inc. All rights reserved
According to a report, 88 per cent of employees lack the understanding necessary to prevent common cyber incidents.
That report was designed to test the level of knowledge and awareness of cyber security among employees by asking them to name proper behaviours in given circumstances. The survey covered eight risk domains and assigned three risk profiles—Risk, Novice and Hero—to indicate an employee’s privacy and security awareness IQ.
Key findings from the report include the following:
- Only 12 per cent of respondents earned a “Hero” profile, while 72 per cent were given a “Novice” profile and 16 per cent were given a “Risk” profile.
- Almost 40 per cent of respondents disposed of a password hint using unsecure means.
- About 25 per cent of respondents failed to recognize a sample phishing email, even though it came from a questionable sender and included an attachment.
This report highlights one of the key vulnerabilities of any organization—employees’ lack of basic cyber security knowledge. Regardless of other hardware or network protections, employees can and will allow cyber criminals into an organization, often without even realizing it.
Fortunately, employee cyber training can help reduce this risk to your organization.