« Security & Compliance - Who's on First? | Main | Compliance & the Security Manager »

The 9th annual Global Security Survey from Information Week just came out. As security related surveys go, this is actually one of the best ones around. Much of what is discovered is typically similar from year to year with some variability. However, there are always a few interesting nuggets to glean from reading the survey:

http://www.informationweek.com/story/showArticle.jhtml?articleID=190301155

Here are a few interesting (sometimes troubling) points of note

- Customer Data Breaches are on the Rise. The compromise of proprietary customer data is a big problem that appears to be getting bigger. Notwithstanding greater awareness due to highly publicized cases, 11% of US companies reported that customer data had been compromised in some way in contrast to 6% last year.

- InfoSec Tithe by Country. In the US, 13% of IT budget is directed to information security as compared to 14% for China, 16% for Europe, 17% for India. Is this an indication that we don't take security quite as seriously? I'm not convinced of that but I do find it interesting.

- No Answer to Insider Threats. Apparently, more than half of the respondents believe that security technology, policy, and training are ineffective against insider threats from employees. However, insider security breaches appear to be more of an issue for US companies (24%) than in China (15%) or Europe (11%). A couple of possible explanations for that factoid: One conclusion is that US companies are more willing to disclose or because of regulatory demands, must disclose. Another explanation - US employees are more independent, free thinking and hence more willing to act out of bounds versus employees in China who may be more accustomed to a regimented, authoritarian management structure?? Just interesting...

- Three Biggest Security Challenges? Survey says (Letterman style):
... Number 3: Enforcing Security Policies (36% of respondents)
... Number 2: Raising User Awareness (41% of respondents)
... Number 1: Managing the Complexity of Security (48% of respondents)

I think this speaks to how challenging security is for large enterprises. It's plain difficult with a myriad of platforms to deal with, new apps being deployed and increasing variety of attacks. This means there's a premium for security tools that actually reduce complexity, rather than increase it (which unfortunately, some tools do). Also, per challenge # 2, it's not just about technology, it's about people and processes.

- Viruses, Worms and ID Theft, Oh, My! Finally, what are companies consciously defending against? Here's the breakdown - Viruses/Worms (56%), Spyware (40%), Customer Data Theft (36%). Surprisingly low on the list, Spam (27%), Denial of Service (26%)... which may indicate that corporations believe that they have that licked.

Posted by andreyee in Industry Trends |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/463