Cyber-security - Defending your company against cyber attacks
roberthalf.com.au
© 2016 Robert Half International Inc. RH-1016
CURRENT CYBER-SECURITY CHALLENGES COMPANIES FACE
64% of Australian CIOs say the number of detected security threats has increased compared with 12 months ago.
TOP 3 IT SECURITY RISKS FACING ORGANISATIONS
SPYING/SPYWARE/RANSOMWARE (economic espionage)
CYBER-CRIME (fraud, extortion and data theft)
46% 49% 49%
DATA ABUSE/DATA INTEGRITY
WHAT ABOUT INTERNAL IT SECURITY RISKS
77% of companies allow their employees to access corporate data on their personal devices.
TOP 3 ACTIONS TO PROTECT CORPORATE DATA ON EMPLOYEES’ PERSONAL DEVICES FROM CYBER-ATTACKS
56% - Provide training to employees on maintaining security on personal devices
55% - Request employees sign an acceptable usage policy for keeping company information secure
49% - Deploy mobile device management technology to enforce enhanced protection
THE KEY CHARACTERISTICS OF AN EFFICIENT IT SECURITY STRATEGY
1. Has effective governance in place with an overarching view
2. Takes a risk-based approach to cover the enterprise’s operations and supply chain, including third-party vendors
3. Has the support of senior management
4. Creates employee awareness
WHAT ARE AUSTRALIAN COMPANIES DOING
The response for many companies is to rethink their IT security practices and to implement an integrated approach to preventing, detecting and mitigating cyber-attacks.
TOP 5 MEASURES COMPANIES ARE TAKING TO ENHANCE IT SECURITY
69% - Enhancing/implementing mobile device security
47% - Managing Advanced Persistent Threats (APTs)
39% - Contracting with third-party vendors or adding tools to enhance security
38% - Enhancing cloud security
29% - Implementing multi-factor authentication processes (e.g. tokens, biometrics)
WHY CYBER-SECURITY SHOULD BE A PRIORITY FOR SMEs
For SMEs, the rise of mobile technology, cloud technology and other interactive tools has created more business opportunities.
HOWEVER!
At the same time, cyber-attackers have gained access to some large companies through supply chains that lacked effective protection.
COMPANIES NEED TO STAFF UP
BUSINESSES ARE RELYING ON A MIXED WORKFORCE
PERMANENT SPECIALISTS
CONTRACT SPECIALISTS
RISK CONSULTANCIES
While having in-house IT security experts is preferable, businesses are changing their hiring strategies to include a mixed workforce of permanent and contract specialists, including external risk consultancies.
75% of Australian CIOs say they will face more security threats in the next five years due to a shortage of IT security talent.
TOP 3 TECHNICAL SKILLS IN IT SECURITY
MOST IN DEMAND AND MOST CHALLENGING TO FIND
CLOUD SECURITY
BIG DATA/DATA ANALYTICS
HACKING/PENETRATION TESTING
CYBER-SECURITY SKILLS, A HOT COMMODITY
DON’T FORGET ABOUT THE SOFT SKILLS!
ANALYTICAL SKILLS
COMMUNICATION SKILLS
BUSINESS ACUMEN
IT SECURITY CHECKLIST
Companies need to keep in mind 6 core steps when developing and implementing an effective security program.
1. BE PROACTIVE
Develop policies and processes that will help your company prevent and defend itself against cyber-attacks.
2. USE BIG DATA
Use the available data to identify which risks are emerging and receding and in which areas you need to implement additional cyber-defences.
3. TREAT IT SECURITY AS A CONTINUOUS ENTERPRISE-WIDE PROCESS
Consistently test and re-evaluate existing processes and systems that are designed to minimise the inherent risks.
4. HAVE THE NECESSARY SKILLS
Create a talent pipeline by investing in your IT professionals through extensive training, or by hiring additional team members or an external consultancy.
5. GET EVERYONE INVOLVED
Make everyone in the company aware of the risks associated with email, social media and confidential information.
6. SUPPORT TRAINING
Encourage regular training of all personnel on cyber-security policies and corporate practices.