10WWW.IWR.CO.UK/ANALYSIS
Safety first as the recession bites
British companies are maintaining their security spend during the tough times,
but they could learn from their competitors in Asia
a160 ANALYSIS realise a better return on investment for other countries. This adds another risks. It’s no longer enough just to block
First, the good news. Nearly two out the business. dimension to the risks involved.” employee access to certain sites; these
of three (63%) information managers The list of new investments in the tools are pervasive and staff will always
expect spending on infosecurity to stay infosecurity area is topped by the SOCIAL MEDIA WORRIES find a way round any restrictions,” said
the same or even increase despite their increasing use of biometrics, especially A staggering 80% of organisations Craig Carpenter, vice president general
companies remaining cash-strapped in in China, where 69% of respondents worldwide have no policies for social counsel at Recommind, the information
the recession. reported using it to protect information, networking. The PwC survey spotted risk management solutions provider.
According to the seventh annual compared with just 22% in the UK. growth in the number of employees He added: “Too many UK organisa-
Global State of Information Security And there’s more bad news. Only accessing social networks from work tions are still labouring under the mis-
survey published by Pricewaterhouse- 37% of UK respondents said their and the risks this behaviour brings with apprehension that e-disclosure is an
Coopers last October, information secu- organisation had an accurate invento- it. According to 40% of respondents, American problem, but it increasingly
rity budgets are safer than anticipated, ry of where sensitive data was stored.
at least for now. Just 37% employed a chief informa-
With just 12% of respondents tion security officer, and less than half
“Good security practice needs to be
believing that spending on information (47%) said they had a disaster recov-
security will be cut over the next 12 ery plan; both figures were even high-
embedded into the DNA of a business, not
months, up from 5% last year, William er in the US.
bolted on as an afterthought”
Beer, director of PwC’s One Security Experts agreed that while budgets
practice, said: “The recession means were stable globally, information secu-
all budgets are under pressure, but rity departments were under increased
many companies know that now is not pressure to “perform” and provide their organisa- affects businesses all over the world.
the time to slash their security spend.” companies with a tangible return on tions have sec- With information from social media
Jon Hayton, a director in PwC’s foren- their investment. urity technolo- sites now being required – on top of the
sic investigations team, said the findings Other findings were that 40% of gies that support already ever expanding volume of
matched what PwC was hearing from its respondents thought that threats Web 2.0-based email, documents and other electroni-
clients in the UK. “It is good that compa- to the security of their compa- exchanges such cally stored information – the potential
nies have chosen not to slash security nies’ data had increased over as social net- cost and time implications for dealing
budgets,” he said, “but good security the last year and, of those, works, blogs with such requests are huge.”
practice needs to be embedded into the a similar proportion said and wikis. And
DNA of a business, not bolted on as an risks had increased due while around a INTEGRATION, NOT PROHIBITION
afterthought. Unfortunately there are to employee lay-offs as third audit and Recommind advises UK companies not
many organisations where this is still the a result of the recession. monitor postings to restrict employee access to social
case and it makes their security perform- When asked what they saw to external blogs or media sites but to ensure these tools
ance very fragile. When it goes, it can go as their biggest priorities, information social networking and applications are integrated into
very quickly. I have seen good security managers highlighted the need for an sites, only 23% have corporate information and risk man-
practices fall apart in months.” increased focus on data protec- security policies that agement policies. This way, businesses
And now for the bad news. UK com- tion and a more intelligent pri- address this. will be well prepared should they be
panies and security professionals lag in oritisation of security invest- Statistics from interna- required to produce information from
their awareness and initiatives on info- ments based on risk. tional law firm Fulbright & these sites within the tight deadlines
security issues, with almost half of UK Beer said: “There is a Jaworski on enterprise- often set by investigators or the court.
executives (49%) polled in the survey host of new and emerg- level use of social media In tune with Fulbright’s report, PwC
saying they did not know how many ing threats, from illustrate the concern. respondents said that the complexity of
security incidents their organisations complex malware The law firm’s 2009 the regulatory environment was one of
had experienced over the preceding 12 to attacks from litigation trends their chief concerns for information
months, compared with just 7% of their cyber-criminals survey shows security to provide return on investment.
Chinese counterparts. and electron- that informa- On a positive note, experts welcomed
ic espionage, tion from the rapid convergence in perspective –
LOSING GROUND all of which social media the same survey last year revealed a 16%
The report suggests that British busi- can result in sites is increas- misalignment between information secu-
nesses and public sector organisations material loss and ingly demanded rity policies and business objectives. a73
are losing ground to many of their r eputational as part of regulato- Archana Venkatraman
major overseas trading partners when damage. ry investigations. The
it comes to protecting and securing “We’re survey showed 52% of
data – a crucial asset. also aware UK organisations restrict
Gathering the data
It says that Asian organisations have that, at a employee access to social
PwC in association with CIO and
a deeper understanding about where senior media sites like Facebook,
CSO magazines conducted the
the threats to their assets are coming level, UK MySpace, Bebo, LinkedIn,
international survey of their clients
from than Western ones and are likely execu- Plaxo, Twitter and YouTube.
and readers between 22 April and
to know not only the number of secu- tives are According to Fulbright, this may be
15 June 2009. Results are based on
rity incidents logged in the past 12 extremely because 18% of those surveyed in the
responses from more than 7,200
months but also the source and type of anxious about UK reported that in the last year they
chief information professionals,
the attack. moving to digital business models, had been required to produce informa-
vice presidents and directors of IT
This knowledge advantage will make where core information assets, such as tion from one or more of these sites as
and information security from 130
it easier for them to take a more effec- customer data and intellectual proper- part of an e-disclosure request. In the
countries. The UK sample involved
tive risk-based approach to security ty, may be shared with business part- US, the figure was 4%.
455 respondents.
investments in the coming year, and so ners and outsourced suppliers, often in “Businesses need to wake up to the
INFORMATION WORLD REVIEW DECEMBER 2009/JANUARY 2010 WWW.IWR.CO.UK
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44