Com­pa­nies need to get data se­cu­rity in or­der, says re­search


New re­search shows that or­gan­i­sa­tions con­tinue to strug­gle to man­age data se­curely, pre­pare for po­ten­tial cri­sis sce­nar­ios, and de­fend against hack­ing and other cy­ber threats, ac­cord­ing to find­ings from the ‘ 2014 IT Se­cu­rity and Pri­vacy Survey’ con­ducted by global con­sult­ing firm, Pro­tiv­iti.

The third edi­tion of this re­port con­tains in­sights from more than 340 CIOs, CSOs, IT direc­tors, man­agers and IT au­di­tors at com­pa­nies with gross an­nual rev­enues rang­ing from less than $ 100 mil­lion to greater than $ 20 bil­lion. Ac­cord­ing to a state­ment from the company, the find­ings iden­tify gaps be­tween where com­pa­nies cur­rently stand - and where they should be in relation to fun­da­men­tal el­e­ments of IT se­cu­rity. The hard line is that many still fall short of im­por­tant stan­dard pro­to­cols for IT se­cu­rity and pri­vacy.

“Com­pa­nies need to take more ac­tion in relation to the risks they recog­nise to bet­ter pro­tect their cru­cial data.” Cal Slemp, man­ag­ing di­rec­tor and global leader of the firm's IT se­cu­rity and pri­vacy prac­tice.

Key find­ings

The re­search cov­ers key themes and ar­eas for con­sid­er­a­tion. Th­ese in­clude the fact that or­gan­i­sa­tions lack high con­fi­dence in their abil­ity to pre­vent a cy­ber at­tack or data breach. While ex­ec­u­tive man­age­ment has a higher level of aware­ness there are lower con­fi­dence lev­els among IT ex­ec­u­tives and pro­fes­sion­als in pre­vent­ing an at­tack or breach. There is also a no­tice­able year- overyear jump in the num­ber of or­gan­i­sa­tions with­out a for­mal and doc­u­mented cri­sis re­sponse plan to ex­e­cute in the event of a data breach or cy­ber at­tack. Re­gard­ing the cor­re­la­tion be­tween board en­gage­ment and stronger IT se­cu­rity pro­file, nearly three out of four boards have a good level of un­der­stand­ing about the or­gan­i­sa­tion’s in­for­ma­tion se­cu­rity risks. Or­gan­i­sa­tions whose boards are con­cerned with how the or­gan­i­sa­tion is ad­dress­ing its risks, have sig­nif­i­cantly stronger IT se­cu­rity pro­files. On the other hand, one in five boards ap­pear to have a low level of en­gage­ment in how the company is ad­dress­ing in­for­ma­tion se­cu­rity risks. How­ever, sev­eral com­pa­nies ap­pear not to have proper “core” data poli­cies. One in three do not have a writ­ten in­for­ma­tion se­cu­rity pol­icy ( WISP). More than 40% lack a data en­cryp­tion pol­icy. One in four do not have ac­cept­able use or record re­ten­tion/ de­struc­tion poli­cies. Th­ese are crit­i­cal gaps in data gov­er­nance and man­age­ment, and they carry con­sid­er­able le­gal im­pli­ca­tions. The 2014 IT Se­cu­rity and Pri­vacy Survey can be found at­tiv­­cu­ri­ty­survey

Newspapers in English

Newspapers from International

© PressReader. All rights reserved.