2012 Global Information Security Survey - Fighting to close the gap
A torrent of technology
Businesses need to explore, implement and refine new technologies to continue growing, evolving and adapting to change – particularly as threats evolve and risks grow.
But the very technologies that help propel a business forward are the same ones that create new risks. New technologies open up tremendous opportunities for organizations, but the information security function needs to pay particular attention to, and manage, the associated risks.
Innovation is the secret weapon that will help businesses keep pace with change.
Up in the cloud
Cloud computing continues to be one of the main drivers of business model innovation and IT service delivery:
- In 2010, only 30% of organizations indicated they were currently using or planned to use cloud computing services.
- In 2011, that number rose to 44%.
- Today, 59% of organizations are in, or are headed to, the cloud.
Although a majority of respondents indicate they are using, or will use, the cloud in the next 12 months, 38% have not taken any measures to mitigate the associated risks. This number is down from more than 50% in 2011 as organizations recognize the risks, but a significant number of organizations remain vulnerable.
Social media in business
Social media is now considered a key component of product development, feedback and customer interaction and engagement. It has reinvented the relationship between organizations, customers, employees, suppliers and regulators.
But, in addition to the many opportunities that social media generates, there are also many new challenges. In a 24/7, anytime, anywhere world, social media — and everyone who has internet access — can quickly build an organization’s brand, and just as quickly crush it.
- Data security
- Privacy concerns
- Regulatory and compliance requirements
- Issues over employees’ use of work time and business tools to engage in social media
Our survey shows that 38% of organizations do not have a coordinated approach to address social media usage within or by their organization. The result is an increase in overall risk and limited capability to fully exploit social media channels in the future.
For those organizations that do have a formal approach for using social media, the most frequently implemented risk mitigation measures include: limited or no access to social media sites (45%), policy adjustments (45%) and awareness programs (40%).
Making the most of mobile
Once meant solely for telephone calls, mobile devices today are a vital communications tool and knowledge source for both business and personal activities. They enable connectivity to the internet and cloud on a 24/7 basis.
According to our survey, tablet computer use for business has more than doubled since last year. From 20% in 2011, 44% of organizations now allow the use of company or privately-owned tablets within their organization:
- 19% indicate that company-owned tablets are widely in use
- 13% support the use of privately-owned tablets through a “bring your own device” policy
- 12% allow the private use of tablets, but do not support them
As the mobility of today’s workforce continues to grow, the phrase “out of the office” becomes less relevant. And the dramatic increase in the flow of information in and out of the organization becomes more difficult to control.
52% of respondents have implemented policy adjustments and 40% have invested in information security awareness programs. But organizations recognize the need to do more.
The global digitization of products, services and processes has had a profound impact on organizations. The availability of huge amounts of data creates fantastic opportunities to extract insight and value.
Organizations that master the discipline of big data management can reap significant rewards and separate themselves from their competitors. However, for all the benefits, organizations also need to be aware of the challenges.
Over the last five years, organizations have experienced a rise in the volume of intentional and unintentional data leakage. Increasingly, sophisticated malware is providing a conduit for sensitive information to be released unknowingly outside the organization.
This year’s survey suggests that most organizations have defined a policy regarding information classification (72%) and many organizations (68%) have executed awareness programs. The adoption of DLP (data loss prevention) technology, however, remains relatively low (38%).