Gilbert Chan, Executive director of Manetic, presents the findings of the “Macau Information Security Survey 2015”
According to the results of the “Macau Information Security Survey 2015” conducted by the Macau New Technologies Incubator Center (Manetic), the government sector continues to lag behind the private sector in terms of information security.
Organized by Manetic, in coordination with the Public Administration and Civil Service Bureau, the Information Systems Audit and Control Association and the Macau Computer Emergency Response Team Coordination Center, the survey concluded that the private sector has marginally increased its lead over the public sector since 2013.
However, in terms of broader cyber security strategies, Manetic notes that the government’s plans are far more comprehensive – better addressing what the organization deems to be the six key areas of IT security: “policy”; “control”; “incident”; “effectiveness”; “cloud adoption”; and “web server adoption.”
The executive director of Manetic, Gilbert Chan, presented the findings of this year’s survey to a press briefing yesterday. He explained that the survey results comprised data gathered from a total of 95 organizations in Macau between October 12 and November 5 last year.
Approximately 55 percent of the entities surveyed were
government-sector organizations, while the remaining were from various sectors in the private sphere, including ICT, public utilities, banking, retail, gaming and educational institutions.
One of the major findings of the survey concerned the proportion of the IT budget of organizations that is intended for information security purposes, which Manetic says has “increased significantly in the past six years.”
Manetic believes that most organizations spent around 6–10 percent of their IT budget on security, indicating a growing interest.
In 2015, 11 percent of those surveyed spent more than 20 percent of their budget on security-related projects, compared with 9 percent in 2010. While 29 percent spent between 2 and 5 percent of their budget on their information security in 2010, the figure for that category had dropped last year with only around 15 percent of organizations making that investment.
In addition, organizations are reportedly moving away from hiring “part-time” or “ad hoc” employees for information security. They instead prefer to hire “full-time” or “dedicated” staff. This represents a shift in perception among management personnel about the importance of information security.
While 19 percent of non-
government-sector organizations have not implemented training programs for employees to update information security skills for IT staff in the past 12 months, the figure stands at 25 percent for the government sector.
The government sector was also lagging slightly behind the private sector in terms of the use of safe webservers. The report found that a higher proportion of government-sector organisations were operating on outdated or unpatched servers, representing a potential cyber security threat.
Across both the private and public spheres, around 40 percent of webservers in the 2015 survey were deemed to be outdated or unpatched, marking significant growth in recent years from 2014 (35 percent) and 2013 (31 percent).
Another major finding concerned the adoption of cloud computing by organizations – or the storage of data on remote servers. Around 35 percent of respondents said that they use cloud-based services for IT-
related projects.
However, only 8 percent of those surveyed identified “security issues” as a reason for not adopting cloud-based services. Respondents explained their non-adoption by citing concerns over the reliability of cloud services (31 percent), lack of knowledge of the technology (22 percent) and concerns over loss of data (19 percent).
No Comments