Citrix announced new research which revealed that an average of £27,818 is now spent by many local authorities on health and safety training. This is considerably more than the amount being committed to data protection and IT security training – just £3,378 per local authority. Mark James, Security Specialist at ESET commented below.
Mark James, Security Specialist at ESET:
“Sadly investing in IT security usually falls quite low in the spending list for most local authorities. The consequences for failures in IT Sec are significantly lower than other areas with no clear guidelines on what constitutes a failure. If you back that up with unsuccessful or fairly insignificant fines then in most cases it’s easier to do something about it after it happens than before.
IT Security requires knowledge and expertise in a field that changes so regularly, there’s no rulebook or defined danger areas as attacks could in theory come from anywhere. Training staff in the possible dangers of lapse security is just as hard, in most cases within this industry people’s daily workload gets increased, hours get reduced and within that staff are still required to be responsible themselves for security.
Effective security needs to be multi-layered and enforced by every single person, the bad guys (or gals) only have to be successful once. We also need to consider that investment may already be made in technology that was deemed at one point safe or no risk that now has a risk factor associated with it, the cost of which to replace is prohibitive. The bottom line is financially driven, effective IT security costs money, time and resources, it has to come from somewhere and with limited budgets choices need to be made often by non-technical people as where to best place it.”