Study: Global information security improving, but far from perfect

By

A global security study discusses what has improved around information security over the past year and where there is room for improvement.


Information is the new currency of business and this year progress has been made to secure it, but there is still work to be done, according to a worldwide study released Wednesday at a seminar in New York.

Case in point: The study found that though security technology implementation is increasing, many companies don't know where all their important data is located.

The sixth annual study titled, “The State of Information Security 2008,” was conducted in part by PricewaterhouseCoopers.

More than three out of 10 respondents had trouble answering basic
information about their company's key information inventory, according to the study. Some 71 percent of respondents said their organization does
not have an accurate inventory of where personal data for employees and
customers is stored.

“How do you know what to protect if you don't know what you have and
where it is?” Mark Lobel, a principal in the Advisory practice of
PricewaterhouseCoopers, asked the audience Wednesday at the "2008 Global
State of Information Security" seminar, held at PwC's headquarters in midtown
Manhattan.

There was plenty of good news. The study concluded that increases in implementation of new security technologies were shown across all industries and countries, including encryption, web security, and intrusion detection and prevention.

Deployment of laptop and database encryption each increased by 10 percent from 2007. Implementation of web and internet content filters jumped from 51 percent in 2007 to 69 percent in 2008, the study showed. And more companies are creating security policies and reviews.

The study also showed some regional improvement trends over the past year. India has seen dramatic increases in security, surpassing almost all countries in the world. China has also improved, but at a slower rate. Overall, Asia is now on par with North America in their security practices.

But there are additional areas that need improvement.

The study found that there is a disconnect between the view of compliance and what is actually happening. Some 73 percent of respondents estimated users are complying with internal security policies, but only 43 percent audited compliance with security policies. Even C-level executives disagree whether security spending and security policies were aligned with business objectives.

Lobel posed three "calls to action" to companies at Wednesday's seminar. Ideally, he said, companies should respond with a "yes" to the following questions: Do you know what data you have? Do you have a strategy that includes people, processes and technology? Do you have a leader in you company to guide it and pull it all together?

“What we need is leadership -- and a plan,” Lobel said.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
farfromglobalimprovinginformationperfectsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?