“As we get better from a technology standpoint, many organisations seem to believe that solutions alone are sufficient to turn back all attacks, and a level of complacency may be setting in,” says Brian McCarthy, chief operating officer at CompTIA.
Despite the bulging armoury of anti-virus, intrusion detection systems, disaster recovery plans and other security measures, most firms tend to overlook staff training. Just 29% of the 574 companies surveyed have compulsory staff security training and only 36% implement security awareness training.
Roughly 4 in 10 of the firms have suffered attacks in the last year. Worms and viruses are the chief security critters, but poor user awareness and remote access are also big causes of problems.