Security is a single issue as recession raises the risks: tough financial times threaten your business on all fronts, so it's time to get out of that silo and start building a total security system.
PwC surveyed 10 FTSE 100 companies to discover what organisations should be doing to protect themselves, their employees and their systems in this challenging economic climate.
Steve Wright, PwC security and business continuity management leader, said: "The companies surveyed didn't grasp the new and increased risks recession brings and were not mature in proactively gathering information."
He added that companies were not making the most of the available tools to analyse and manage risks and claimed there was still a perception that security is a "disabler" rather than an "enabler" of business processes.
Another key finding was that people and mobile devices showed considerable security weaknesses, with only 50% of the surveyed companies demonstrating a significant level of employee vetting. Jay Abbott, a senior manager in PwC's technology assurance practice, highlighted the threat of organised crime over methods such as hacking. He said: "The insider threat is the biggest for information security" because employees can carry information out on portable devices.
Nick Frost, a senior research consultant at Information Security Forum (ISF), said: "The 'techno-generation' that are potential employees are brought up with technology and mobile devices to access information. If these devices are not adequately secured, it could be problematic for the companies." Experts also point to the security risks of cross-content activities, like employee blogging and information sharing with competitors, that many companies are still not addressing.
As budgets across all departments continue to stagnate, most corporates outsource "business-critical" functions to third party companies. Frost said: "This budget pressure leads firms to outsource and increases their risk of data loss." The PwC survey calls for greater analysis of the risks of third party collaboration.
Analysts pinpoint the "silo mentality" that arises from the separation of corporate and IT security within a business. As Frost puts it: "There is a lack of collective and converged risk assessment". The study also urges "a combined and converged approach from security and risk departments" to boost resilience against information vulnerabilities such as off-shoring, insider threats and mobile malware, danger areas which grow in recession.
Wright also warned that the absence of an integrated approach weakens the fight against information risks such as intellectual property infringement, counterfeiting, terrorism, bribery, hacking and organised crime.
But Howard Schmidt, president of the ISF and a former White House security advisor, remained upbeat about the new methods adopted by companies to tackle the changing dynamics of security risks. He insisted that "security is no longer an add-on" but is ingrained within firms' IT infrastructure, business processes and strategic planning from the start.
Also on the positive side, PwC's benchmarking exercise found an improvement in investigation and intelligence gathering, improved monitoring and better preparedness to handle crises and restore key business processes quickly and efficiently.
|Publication:||Information World Review|
|Date:||Apr 1, 2009|