2012 Global Information Security Survey - Fighting to close the gap
Speed of change, increasing threats, looming gaps
The velocity of change in information security can be dizzying if we think about how quickly and how far technology has evolved in such a short period of time.
The rise of emerging markets, the financial crisis and offshoring only add to the complexity of ever-evolving information security issues — and the urgency to address them.
Our survey results suggest that for as many steps as organizations are taking to enhance their information security capabilities, few are keeping up with what is going on around them. Even fewer are able to get far enough ahead to anticipate not only today’s threats, but also tomorrow’s.
Despite all the improvements organizations are making, the pace of change is picking up speed.
Accelerating external attacks
In 2009, 41% of respondents noticed an increase in external attacks. By 2011, that number had leapt to 72%.
This year, the number of respondents indicating an increase in external threats has risen again to 77%. Examples of accelerating external threats include hacktivism, state-sponsored espionage, organized crime and terrorism.
In this year’s survey, nearly half of respondents (46%) say they have noticed an increase in internal vulnerabilities. 37% rank careless or unaware employees as the threat that has increased the most over the last 12 months.
Future government intervention
There are still more gaps on the horizon in the form of government intervention and new regulatory pressures.
Although individual businesses worry about their own performance, governments want reassurance that organizations providing key services that support the continued well-being of society can continue to operate with the minimum of disruption, whatever the circumstances.
Energy companies, telecoms, water suppliers, food producers and distributors, healthcare and financial services companies will all be expected to implement robust measures to safeguard against an information security incident that could interrupt or damage operations.
Governments don’t just have the protection of their citizens to consider, but also reputation and the protection of GDP. Governments are likely to start producing directives — backed by regulators — for any organization they consider economically critical, to ensure it does not fall victim to an information security threat.
Ideally, businesses would come together of their own volition to share experiences and establish common frameworks and solutions. It has worked for other issues and it may be the best choice organizations have to stem the flow of impending regulation.