It seems to me that corporate security is some sort of race, with companies constantly chasing after hackers for first place. With hackers continually on to the next scheme before companies even detect something's wrong, will companies ever be able to catch up?
The 2010 Financial Services Global Security Study conducted by Deloitte communicates that corporate IT departments might be getting their acts together.
The Deloitte Survey
For the past 7 years, Deloitte has conducted a global survey of the financial industry to understand where companies are at and where the plan on going in relation to corporate security.
However, out of all of those years, this year is the first one where it really seems like progress is being made and companies are taking corporate security seriously.
Some of the "firsts" identified in this year's survey include:
- "Organizations are proactive, embracing new technologies as "early majority adopters," no longer content, as "late majority adopters," to simply be reactive.
- The lowest percentage of respondents, 36%, stated that "lack of sufficient budget" is the major barrier to ensuring information security, compared to 56% last year.
- Information security compliance (internal/external audit) remediation is a top five security initiative as organizations gear up for increased regulation and legislation.
- Over half of the organizations surveyed state that physical information, such as paper, is within the mandate of the scope of the executive responsible for information security. The response, 59%, is still too low, indicating a security gap, but in our opinion, is moving in the right direction."
Taking Advantage of Opportunity
The public doesn't care how their information got leaked; all they care about is that it happened. Companies finally realize that they can no longer justify failing to protect information because "they trust their employees."
This approach has left companies burned by employee after employee, signaling that the cycle needs to end. There have been many cases reported where disgruntled employees felt the company "owed" them and would sell trade secrets or steal private company information as a way to retaliate.
To be completely proactive when it comes to corporate security, each employee must work with management and IT to make sure information remains secure.
One of the things I found interesting in the Deloitte survey was that 70% of the respondents stated that in the next year they had plans to implement at least one information security technology. Corporate security technologies have continued to advance and become easier to use.
The report from Deloitte states:
"Security Information and Event Management (SIEM) is one of the fastest growing segments of the marker according to analysts. SIEM solutions analyze security event data in real time to identify threats and analyze and report no log data for compliance monitoring."
"With SIEM solutions, gone are the endless reports that caused IT security teams to lose control of corporate security. Another reason for the higher profile of emerging technologies is that, as revealed by the survey, spending on IT security has remained a priority for organizations."
"That makes it easier for organizations to improve security infrastructure and invest in products for which they previously had no room in their budgets."
You can read the entire Deloitte survey in PDF format by clicking this link: 2010 Financial Services Global Security Study.
Cross-posted from i-Sight