INFOTECH: Companies Heighten Efforts to Manage Information Security
Recent Gauteng Business News
These were among the findings of the 2012 Global State of Information Security Survey®, the largest of its kind, conducted by PwC in conjunction with CIO Magazine and CSO Magazine.
The survey of 9 600 business and IT executives from 138 countries, including South Africa, shows companies today have greater insights than ever before into cyber crime, says Kris Budnik, head of PwC South Africas Information Security practice. They are translating this information into investments focused on three areas: better incident detection and management capabilities, and tighter security of their web services though there is a danger that these investments may not be adequate.
This paints a different picture to that of a few years ago when almost half of all respondents couldnt answer the most basic questions about the nature of security-related breaches.
Confidence Increases in Information Security
Approximately 80% of survey respondents can now provide specific security-related information about the frequency, type and source of security breaches their organisations faced this year. More than seven out of ten feel confident, at some level, in the effectiveness of their organisations information security capabilities.
Budnik adds that while local representation in the survey was small, the surveys findings closely mirror the situation in South Africa where companies grapple with the same security issues.
Security is very resource-intensive and local companies tend to do more with less, but our level of awareness matches that of the rest of the globe, he says.
Despite increased confidence around security, vulnerabilities keep multiplying and still require attention especially given the many new dimensions of cyber crime, says Budnik.
Information Security for Mobile Devices and Social Media
Mobile devices and social media represent a significant new line of risk and a demand for management response. The survey showed fewer than 43% of respondents having a security strategy for employee use of personal devices and only a third having one for mobile devices and social media.
While organisations are beginning to increase efforts to manage mobile and social media risks, these percentages are disappointing, says Budnik. Many organisations believe they are dealing with the issues simply by blocking the use of personal devices or limiting access to social media but, in doing so are losing out on significant advantages that these may bring to their business, including innovation, thought leadership and quick decision-making.
Cloud computing has gained momentum, improving but also complicating the security landscape. More than four out of ten respondents report that their organisation uses cloud computing 69% for software-as-a-service, 47% for infrastructure-as-a-service and 33% for platform-as-a-service.
The companies surveyed are split on whether their use of cloud technologies has weakened or improved security (54% of organisations say that cloud technologies have improved security). The largest perceived risk is the uncertainty in enforcing security policies with the service provider.
Use of cloud services in South Africa follows similar patters and local companies share the same concerns, says Budnik. In my opinion, cloud computing enhances security. Because security is strategic to the delivery of the cloud service, providers pay more attention to it than would probably occur inhouse.
Security-related risks associated with partners, vendors and suppliers have always been an issue but the latest survey suggests the situation is getting worse. While it is generally acknowledged that the most common source of security breaches are employees, not enough attention is paid to other classes of insiders such as business partners and suppliers. And, as many companies now invite customers inside their network, customers are becoming a potential source of threat as well for information security.
Business News Sector Tags: