The dirty war on information security
scoop.co.nz | Sep 20th 2013 11:59 AM
News release, The dirty war on information security
Publication – Defending Tomorrow: The Global State of Information Security Survey
The dirty war on information security
Organisations are raising the bar to protect themselves from information security risks, but losing the battle against adversaries who are doing even more, according to The Global State of Information Security® Survey 2014, released today by PwC.
In conjunction with CIO and CSO magazines, the global survey asked more than 9,600 business, security and IT executives to describe the information security threats their organisations face and how they are defending themselves.
PwC Security and Technology Partner Colin Slater says, “Businesses are being outpaced and outsmarted by determined attackers who are deploying the latest technologies to cause harm.
“Encouragingly, organisations are spending more and recognise the importance of information security, yet need to stop fighting security battles of today with the tools and strategies of yesterday to increase their effectiveness.”
This year’s survey found the number of security incidents detected in the past 12 months has increased by 25% over last year, while the average financial costs of incidents are up 18%.
“New Zealand businesses should pay heed to these global findings. We may be geographically isolated, but in this online and digitally connected world we’re just as vulnerable to threats as businesses in the US, UK, Australia or China.
“We can’t afford to be naive to the risks we face as the costs and complexities of responding to attacks continue to rise. Looking at the recent public sector focus, The Government CIO has been instrumental in establishing a stronger understanding of the relative issues. We can look at this approach as something to elevate the thinking and help us get at least onto the curve of understanding these risks,” adds Mr Slater.
Alarmingly it was found financial losses are accelerating sharply among those that report a high-dollar value impact: respondents who reported losses of US$10 million-plus have increased by more than 50% since 2011.
“New models of information security strategies and practices are needed to be better prepared. This also means coming to the realisation that safeguarding everything to the same threat level is no longer possible. Businesses need to identify and prioritise what’s most important to them and focus their resources on protecting that,” says Mr Slater.
In today’s elevated threat landscape, PwC recommends organisations rethink their security strategy so that it is integrated with business needs and prioritised by business leaders.
“Eighty percent of respondents told us their information security spend is aligned to business objectives. It suggests business leaders are beginning to understand how IT security impacts their bottom line. But business leaders need to go a step further and create a culture of security awareness throughout their organisations to increase knowledge and vigilance. Collaboration, with those inside and even outside your business, is becoming a key weapon in fighting back.”
Another key security risk is the adoption of mobile technology tools, such as smart phones, tablets and the proliferation of cloud computing services. Efforts to implement mobile security programs continue to trail the increasing use of mobile devices, while of the 47% of respondents who use cloud computing only 18% say they have policies for governing its use.
“Technology and how we use it is constantly evolving. We need to find the optimal point between being afraid to adopt new technologies that will increase our competitive positions, and seriously addressing security implications,” says Mr Slater.
Respondents say the top three obstacles to improving security are: insufficient capital funding, a lack of vision on how future business needs will impact security, and a lack of leadership from the CEO or Board.
“Surprisingly, CEOs were most likely to name themselves as the greatest obstacle to improving their organisations information security practices, with the majority of CFOs in agreement,” concludes Mr Slater.
Most respondents cite insiders, particularly current or former employees, as a source of security incidents. And while many believe nation-states cause the most threats, only 4% of respondents cited them, whereas 32% pinpoint hackers as a source of outsider security incidents.
To explore the survey findings by industry and region, visit http://www.pwc.co.nz/gsiss2014.
– Ends –
© Scoop Media