2012 Global Information Security Survey
Fighting to close the gap
Our 15th annual Global Information Security Survey suggests that organizations are taking steps to enhance their information security capabilities, but few are keeping up with an ever-changing risk landscape.
Virtualization, cloud computing, social media, mobile devices, the disappearing lines that once divided business and personal IT activities – as each year passes, the speed and complexity of change accelerate.
Unfathomable just a few years ago, the velocity of change in information security is staggering.
Combined with the ever-growing incidents of cyber crime and advanced persistent threats, this is creating a gap between where an organization’s information security program is and where it needs to be.
The origins of the gap are just as complex. However, based on our survey results, the issues can be organized into four distinct categories:
- Alignment with the business
- Insufficient resources with the right skills and training
- Processes and architecture
- New and evolving technologies
What cannot be categorized yet are the issues looming on the horizon in the form of governmental intervention and regulatory pressures to address information security risk.
Short-term fixes and bolt-on solutions are not enough. Organizations fighting to narrow the gap need to take four steps to fundamentally shift how their information security functions operate:
- Link the information security strategy to the business strategy, and the overall desired results for the business.
- Start with a blank sheet when considering new technologies and redesigning the architecture, to better define what needs to be done. This presents an opportunity to break down barriers and remove existing biases that may hamper fundamental change.
- Execute the transformation by creating an environment that enables the organization to successfully and sustainably change the way information security is delivered.
- When considering new technologies, conduct a deep dive into the opportunities and the risks they present. Social media, big data, cloud and mobile are here to stay, but organizations must prepare for their use.
Effective information security transformation does not require complex technology solutions. It requires leadership and the commitment, capacity and willingness to act.