Too many organisations still taking a reactive line on security threats which leaves them vulnerable Lack of awareness and lack of good practice, are the biggest threats to IT security, says Nicolai Solling, from end users being careless with passwords, lack of encryption of data through to corporations that have not secured corporate data on mobile devices.
The company works closely with a number of customers in the Oil & Gas sector, where Solling says he has seen some progress in uptake of solutions and practices, in part due to attacks on the energy sector such as Stuxnet that affected industrial control systems. “Over the last couple of years, we see the malware becoming more and more advanced. I am sure that something like the incidents that targeted the Iranian nuclear reactors, that those speciﬁc events deﬁnitely had an echoing effect on the oil and gas sector,” he says. Some companies in the Oil & Gas sector are now putting staff in place that are solely responsible for securing industrial control systems, but Solling says the IT industry and end user attitudes as whole still needs to change: “My personal opinion is that we are still being too reactive to security in general, a more proactive or strategic approach to security is still lacking.”