IDC New Zealand has released its Security Heatmap summarising the ICT security issues facing New Zealand organisations, saying IT security is an organisational challenge as much as a technology challenge.
Louise Francis, research director at IDC New Zealand, said “It is important to remember: security is never about the technology. It is an organisational mindset.”
She said CEOs and CIOs were becoming acutely aware that they would be challenged to maintain their enterprise’s digital vision, while also addressing increasing security concerns.
“The fast pace of technological disruption is necessitating a tremendous amount of work across all levels of NZ organisations to manage the accompanying security risks.
“Security and business risk concerns are now seen as the biggest barriers for organisations seeking to benefit from digital transformation; therefore, IDC expects this to remain a top area of focus for the foreseeable future.
"Two years ago, New Zealand organisations were focused on security at the perimeter, and end-point connections. Now there is a much greater understanding that security must be embedded within all technology deployments and solutions, right from the concept stage. There is also much greater awareness that employees can provide one of the most significant security vulnerabilities to an organisation."
Her comments echo those of Cisco’s director of Cisco’s Global Security Sales Organisation, Stephen Dane.
He told CWNZ at CiscoLive in Melbourne earlier this month that organisations needed a from-the-top security strategy linked to their business strategy and their digital transformation strategy.
“If we keep talking technology we are not going to solve the problem”, Dane said. “Cyber security needs to be seen as a business challenge not just the responsibility of the security team. It needs to be the responsibility of the whole organisation. That will lead to better processes and better decisions about how to solve the problem.”
Dane was commenting on a finding from Cisco’s 2018 annual cyber security report, released in February. It found that, if an organisation were to use technology alone to remediate security vulnerabilities, it would only solve 26 percent of issues identified during ‘Red Team’ attack simulations.
IDC has summarised the findings from its research into New Zealand firms’ IT security, based on surveys it conducted in 2017.
• Within the mobility threat landscape 70 percent of the threats can be traced back to user related factors: uninformed and malicious users, unsecured devices and unsecured applications.
• Almost a quarter of New Zealand organisations have experienced downtime due to human error and 19 percent have experienced downtime due to data security breaches within the last year.
• Sixty five percent of New Zealand organisations prefer to partly or entirely outsource their security services, and 37 percent are planning to renew or expand existing engagements, to ensure their relevance in the next 12-24 months.
• Twenty eight percent are increasing their security services budgets in 2018, but nine percent are decreasing spend.
• While network and content security continue to be the most outsourced security elements, the biggest growth will be driven by app security testing and mitigation of Denial of Service (DDoS) type of attacks as organisations aim to address the security threats to the organisation.