Security and privacy concerns
The third edition of the Deloitte Global TMT Security Survey reveals that social media tools and regulatory issues are areas of concern for business. It was further shown that companies in the technology, media and telecommunications industries significantly reduced investment in security spending in 2008.
The research reveals that 32% of respondents reduced their information security budgets, while 60% of respondents believe they are “falling behind” or still “catching up” to their security threats – a significant increase from 49% over the previous year.
“This year’s results indicate companies are explicitly scaling back, which is having a detrimental impact on all aspects of TMT security,” said Reinhardt Buys, a senior technology lawyer at Deloitte Legal in Johannesburg.
“Companies that under-invest in security now may find themselves vulnerable and unable to keep pace with the growing threats from increasingly sophisticated attacks and emerging technologies.”
With the proliferation of digitized assets, security should claim a significant portion of a company’s overall IT budget. However, only 6% of respondents allocate 7% or more of their total budget to IT security. This year represents a significant decline from the previous edition of the survey, which showed that 36% of the respondents allocated 7% or more of their budget to IT security.
The survey also indicates that declining security investment is hindering adoption of new security technologies, with only 53% of respondents considering their organizations to be early adopters, or part of the early majority, down from 67% in 2007. Companies are focusing more effort on optimizing solutions that are already in place rather than investing in cutting-edge technology that can be capitalized upon during economic recovery.
While social networks (like Facebook and Twitter) and blogs can be powerful enablers, they also increase organizations’ internal security challenges. In today’s connected world, insider threats are greater than ever.
Survey results show that “exploitation of vulnerabilities in web 2.0 technologies” and “social engineering” techniques such as pretexting and phishing are regarded as threats to a company’s information security by 83% and 80% of respondents respectively.
According to Buys, the survey confirms that the biggest security risks are internal – negligent and disgruntled staff members.
Furthermore, generational differences have a major influence on perceptions of privacy. Information sharing for the youngest generation of TMT workers can test the limits of traditional privacy laws. In contrast, older generations have a different perspective on privacy. Survey respondents recognize this issue, with 56% rating “cultural interpretations” as an “average” to “very high” threat to their information security.
Companies do not have the necessary resources in place to cope with emerging network vulnerabilities. Only 47% of those surveyed currently have a privacy program in place, and only 44% have an executive responsible for privacy – the latter down from 50% a year earlier.
This aligns with the fact that many TMT companies do not have a program for managing privacy compliance (33%), a written privacy policy (28%), or a formal directive with respect to the destruction of personal information (28%).
“Information and intellectual property are the lifeblood of a TMT company,” said Buys. “Protecting these precious assets, often in open and collaborative business environments, must be the imperative for organizations.”
TMT companies face a myriad of rules and regulations that relate to information security, and strict compliance is critical, particularly in a tough economy. Failure to comply can expose a company to hefty fines and significant liability.
However, compliance with rules and regulations may not be sufficient for TMT companies to mitigate their information security risks. Over 67% of respondents say that regulatory security requirements are at best “somewhat effective” for improving their information security posture. A majority (57%) of respondents believe that effectively meeting regulatory requirements is either inadequately funded or missing senior executive support.
“A few important lessons can be learned from the survey results,” said Buys.
“Companies that underinvest in security now may find themselves exposed when the economy recovers. In addition to increased protection of intangible assets, a main priority needs to be protecting your organisation from itself. Business will also be well advised to outsource specialised security needs like forensics, legal support and regulatory compliance,” he concludes.