Attacks on corporate information security increasing: Ernst & Young
Dubai, 12 January 2010 – Outpacing Change: Ernst & Young’s 2009 Global Information Security Survey, which polled more than 170 senior IT executives in the Middle East and Africa, reveals that external and internal attacks on information security this year have increased by 41 per cent and 25 per cent respectively. In addition, regulatory compliance costs were accounting for moderate to significant increases in information security costs for 55 per cent of respondents. Only 6 per cent plan on spending less over the next 12 months on regulatory compliance.
The survey also revealed that retaliation from employees who were recently retrenched due to the economic downturn and a lack of adequate security budgets and resources are becoming major concerns for senior IT professionals. 75 per cent of respondents were concerned with possible retaliation from retrenched employees who have recently left their organizations, while 50 per cent of respondents ranked a lack of resources as a high or significant challenge; a notable increase of 17 percentage points over 2008.
Meraj Ahmed, Leader of Ernst & Young’s IT Risk and Assurance Services in the Middle East, comments: “While increased pressure to reduce costs and increased government and industry regulation has presented new risks and challenges, organizations across the region are now focusing on the overall health of their information security programs.. Companies recognize that for their investment to be effective, they need to undertake a specific risk assessment of their exposure and put in place risk-based responses.”
40 per cent indicated that they planned to increase their annual investment in information security as a percentage of total expenditures and 52 per cent planned on maintaining the same level of spending in 2010.
Leveraging technology
Due to a heightening occurrence of data breaches, Data Leakage Prevention (DLP) technology is the second-highest security priority in the coming 12 months, identified by 40 per cent of respondents as one of their top three priorities. Data leakage prevention is the combination of tools and processes for identifying, monitoring and protecting sensitive data or information. Privacy and protection of personal data will become an even greater challenge for organizations as new technologies and services such as social networking, virtualization, cloud computing and radio-frequency identification (RFID) gain more widespread use.
One of the most startling findings is how few companies are encrypting their laptops. Only 41 per cent of respondents are currently encrypting them with only 17 per cent planning to do so in the next year. This is surprising for a number of reasons: the number of breaches that have occurred due to loss or theft of laptops; the fact that the technology is readily available and affordable to implement; and that the impact to users during deployment is relatively low and should no longer be a barrier.
Meraj concludes: “Information security today requires more investment, as organizations aim to catch up with an accelerating and more complex threat landscape. To do so in today’s environment, however, the sector will need to further improve its efficiency and effectiveness and demonstrate the strategic value it provides”.
