Executives Lack Confidence in Infosec Strategies

Sunday, December 04, 2011

Bill Gerneglia


Article by James Finnan

As we reported recently, cyber attacks are becoming increasingly common across the globe. Many Fortune 2000 companies, as well as government agencies around the world, are under frequent cyber attack on their core systems and services.

The opportunity for cyber attacks grows daily as these corporations and governments continue to amass information about individuals in complex networks across the Web. At the same time new generations of cyber activists, some motivated purely by money and others by the desire to expose and destabilize corporations and governments, continue to hack into organizational secrets.

No enterprise, no matter how small or benign, will ever be safe from cyber attack in the future, with an estimated 250,000 site breaches reported in the last few years.

How best to cope with the growing number of these cyber security threats? Raising awareness among business executives is an important first step in the implementation of a sound information security policy.

The following survey results aim to measure the state of awareness and preparedness of corporate information security policies among global business executives.

About 29% of business executives surveyed are uncertain when it comes to their organizations' information security strategy. Another 43% believe their organization has an effective information security strategy in place.

These numbers are some of the findings of the 2012 Global State of Information Security Survey conducted recently. Participants in the survey included approximately 10,000 senior level executives from organizations globally.

The survey respondents included members of both CSO and CIO Magazines as well as PricewaterhouseCoopers clients.

The survey placed respondents into different groups such as information security frontrunners (43%). These were defined as those executives that have an effective information security strategy in place.

Next are the strategists (27%), defined as those who are better at making policy than implementing it, followed by the tacticians (15%), who are better at getting things done than creating strategies. Last are the fire-fighters (14%), defined as those who are in reactive mode. This implies that they typically are without effective strategies in place.

According to Ciaran Kelly of PwC, "Companies now have greater insights than ever before into the landscape of cyber-crime and other security events, and they're translating these insights into investments on risk prevention and detection technologies. Just a few years ago, almost half of this survey's respondents couldn't answer the most basic questions about the nature of security-related breaches, now approximately 80% of respondents can provide specific information about the frequency, type and source of security breaches their organizations faced this year."

According to the survey, the global adoption of cloud computing services has improved, but also complicated, the security landscape.

More than four out of ten respondents report that their organization uses cloud computing. Of these, 69% used software-as-a-service, 47% used infrastructure-as-a-service and 33% used platform-as-a-service.

54% of organizations say that cloud technologies have improved security, while 23% say they have increased vulnerability. The largest perceived risk is the inability to enforce provider security policies.

Mobile devices and social media represent a significant new line of risk, says the survey. Organizations are beginning to increase their efforts to prevent mobile and social media based attacks.

Forty-three per cent of respondents have a security strategy for employee use of personal devices, 37% have a security strategy for mobile devices and 32% have a security strategy for social media.

The survey shows significant improvement in business executives' understanding of proper information security policies, but it also highlights the real need for raising more awareness and more infosec diligence across all organizations.

Cross-posted from myITview.com via CIOZone
