Companies not tackling security risks of new IT, survey shows
Ernst & Young Information Security Survey shows companies not assessing security risks of new technologies
Organisations are ill prepared to tackle the security risks of new technologies, according to a study by Ernst & Young.
The company found that less than one third of businesses have an IT risk management program to manage the potential risks of new technologies such as cloud computing and enterprise mobility.
Ernst & Young's 13th annual Global Information Security Survey, which surveyed 1,600 organisations across 56 countries, found that while 60% of companies believed that use of service providers and business adoption of new technologies, such as cloud computing, social networking and Web 2.0, increased risk, only one in ten consider examining new IT trends a very important activity for information security.
The survey also found that half of respondents see the growth of enterprise mobility solutions as making it harder to implement information security initiatives, and two-thirds see employees' level of security awareness as a problem.
Paul van Kessel, Ernst & Young Global IT Risk and Assurance Leader, commented: "Technology advances provide an increasingly mobile workforce with seemingly endless ways to connect and interact with colleagues, customers and clients. These advances represent a massive opportunity for IT to deliver significant benefits to the organization but new technology also means new risk. It is vital that companies not only recognize this risk, but take action to avoid it.
"As the mobile workforce continues to grow, so does the level of risk. In addition to implementing new technology solutions and re-engineering information flows, companies must focus on informing the workforce about risks. The delivery of effective, and regular, security awareness training is a critical success factor as companies attempt to keep pace with the changing environment," he added.
The survey also found that less than half of the companies surveyed plan to increase their IT security budgets this year, although spending on data leakage and data loss prevention is set to increase in half of respondents' organisations, up from 7% last year.
To address potential new risks, 39% of respondents are making policy adjustments, 29% are implementing encryption techniques and 28% are implementing stronger identity and access management controls.
For the first time, continuous availability of critical IT resources was identified as one of the top five risks.
23% of respondents are using cloud computing services, and a further 15% plan to use them within the next 12 months. For 85% of respondents, external certification of cloud service providers would increase trust; 43% state that certification should be based upon an agreed standard and 22% require accreditation for the certifying body.