In Rush to Adopt New Technologies, Cybersecurity is Forgotten
As businesses rush to keep up with new technology, research shows they aren't putting the same urgency into keeping it secure.
A new survey from Ernst & Young found that 72 percent of those surveyed are seeing a growing level of risk due to increased external threats. Yet only about one third of respondents have updated their information security strategy in the last year.
With 80 percent of business and other organizations currently using or considering using mobile tablets and more than 60 percent planning to use cloud-computing services within the next year, the threat of security breaches has become an after-thought in the rush to adapt to the rapidly changing technological landscape, according to Paul van Kessel, global IT risk and assurance leader for Ernst & Young.
"The focus must move from short-term fixes to a more holistic approach integrated with long-range strategic corporate goals," van Kessel said.
In the current climate, businesses must make security more of a priority, van Kessel said.
According to the survey, only 12 percent of respondents are presenting information security topics at each board meeting and fewer than half said their information security function is meeting the needs of their organization.
"Information security needs to be more visible in the board room, with a clearly defined strategy that will support the business in the cloud and elsewhere," van Kessel said. "Most companies still have a long way to go to make this a reality."
The survey suggests one problem is that business leaders don't have a plan for how to spend their security budgets.
While nearly 60 percent of those surveyed plan to increase their information security budgets in the next year, only half have a documented information security strategy.
Over the next year, those surveyed said cloud computing is their top information security funding priority.
Despite the compelling reasons to use the cloud, van Kessel warns businesses to closely examine the move first.
Nearly half of those surveyed said their implementation of cloud computing this year was a difficult challenge, and more than half of them didn't implement any controls to mitigate the associated risks.
"In the absence of clear guidance, many organizations seem to be making ill-informed decisions, either moving to the cloud prematurely and without appropriately considering the associated risk, or avoiding it altogether," van Kessel said.
Other top concerns of those surveyed include ensuring mobile devices are secure and avoiding malicious attacks through social media.
Ernst & Young's 2011 Global Information Security Survey is based on interviews with nearly 1,700 organizations in 52 countries.