Security threats an afterthought in the race to adopt new technologies and social media
- 76% of respondents see an increasing level of risk due to increased external threats
- 50% are spending more on business continuity in Australia following this year’s natural disasters
- 60% say increased adoption of tablet computers and smart phones is the biggest challenge
Thursday, 3 November 2011 — In the race to adopt new technologies and move into the increasingly borderless world of cloud computing and social media, the gap between business needs and tackling new and complex security threats is growing.
According to Ernst & Young’s 14th annual Global Information Security Survey, which surveyed more than 1,700 organisations globally, including 165 in Australia, 76% of respondents believe there is an increasing level of risk due to increased external threats. However, only 42% of respondents have updated their information security strategy in the past 12 months.
Mike Trovato, Ernst & Young Information Security Leader, said: “We may have thought the pace of change in technology couldn’t possibly move any faster, but with the adoption of new technologies occurring at lightning speed, so too rises the threat of security breaches on a global scale.”
Mr Trovato said while Australian organisations were slower on the uptake of integrating mobile devices into business-as-usual, they were adopting cloud technologies at a faster rate than their global counterparts.
“Only 28% of Australian organisations are currently using mobile tablets with 53% evaluating or adopting very limited use of the devices for business purposes. This is in stark contrast to 80% of organisations globally already using tablets,” Mr Trovato said.
Mr Trovato said more Australian organisations (69% versus the global result of 61%) were already using or considering the use of cloud computing services within the next year, but preparing business against the threat of security breaches was ranking much further down the priority list.
“On the flip side, Australians place more importance on ensuring technology supports business continuity than the rest of the world with half of all respondents spending more in this area.
“While this is the unfortunate consequence of the devastating natural disasters experienced in Australia over the past 12 months, this means we are acutely aware of and focusing on business continuity,” Mr Trovato said.
“For the fifth year running compliance and privacy issues remain the top concerns.
“We are seeing regulators across Australia and the Asia-Pacific region continuing to add and amend existing guidelines following the past years’ high profile breaches. Because of this and the importance of continuity of service and availability, management and board level concerns remain high,” Mr Trovato said.
- Nearly 60% of respondents plan on increasing their information security budgets in the coming 12 months. However, less than half (48%) of respondents stated that they have a documented information security strategy.
- Identity and access management technologies are a top information security funding priority for the coming 12 months, followed by data leakage.
- Overall, for the second consecutive year, respondents have indicated that business continuity is their top funding priority, and their strategies are continuously updated, tested and approved by management.
Mobile tablets and skills shortages
- In 2011, 60% of respondents listed increased adoption of tablet computers, smart phones and other mobile devices as the most difficult or very difficult challenge. This is followed by availability of skilled resources (59%) which is in line with the current tight labour market.
- Policy adjustments and awareness programs are the top two measures used to address risks posed by this new mobile technology. The adoption of security techniques and software, however, is still low with encryption techniques used by fewer than half (45%) of the organisations.
Building trust in the cloud
Despite the compelling story for cloud adoption, many organisations in Australia are still unclear about the security implications of cloud and are slow to adopt it, and are therefore falling behind their global counterparts.
“Understandably, navigating the cloud is uncharted territory. What we are seeing is organisations either moving to the cloud prematurely and without appropriately considering the associated risk, or avoiding it altogether. Although many organisations have moved to the cloud already, many have done so reluctantly to avoid losing market share or being left behind in the technology race,” Mr Trovato said.
“Sixty-six per cent of respondents are in favour of external certification, with 35% saying this should be based only on an agreed-upon standard. Although the survey reveals there is good support for certification, too few organisations have sought certifications or done their own security site assessments. So, while their greatest fear is losing sight of data in the cloud, few actually go looking for controls.
“While there is work being done in this area globally, organisations cannot rely on external bodies to address all of the risks associated with cloud computing. The risks are undoubtedly significant and must be managed within an organisation by implementing formal IT risk management procedures,” Mr Trovato added.
To help address potential risks posed by social media, organisations are implementing policy adjustments (55%), security and social media awareness programs (48%), as well as limiting access to sites (44%).
Top level priority
The survey shows that only 11% of respondents are presenting information security topics at each board meeting and 40% quarterly. Less than half (49%) stated that their information security function is meeting the needs of the organisation.
“It’s clearly time that we stopped approaching information security risks reactively. Technology is embedded in almost every business process and managing risk needs to be a holistic proposition taking into account the entire IT landscape.
“It’s surely time that information security was elevated to the board room with a clearly defined strategy that will support the business in the cloud and elsewhere; it is time for a re-think,” Mr Trovato concluded.
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 152,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
Ernst & Young refers to the global organisation of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com
This news release has been issued by Ernst & Young Australia, a member firm of Ernst & Young Global Limited.
Liability limited by a scheme approved under Professional Standards Legislation.
Ernst & Young Australia
Tel: + 61 3 9288 8322 or 0411 245 099