By Tobias Manolo
A new study released last week by the Economist Intelligence Unit – Information risk: Managing digital assets in a new technology landscape – has highlighted the situation that new technologies, such as BYOD (Bring Your Own Device), mobility, cloud computing and even big data, has meant that more companies are now vulnerable to security threats as they contend with collecting and analysing information, and keeping it protected.
The report, sponsored by HP, surveyed senior business leaders in respect of their approach to information risk and management of big data. The study also revealed that common risks were often a result of carelessness, and a lack of knowledge, by employees, i.e. loss of mobile devices and laptops which can lead to the theft of information, with as many as 76% of respondents saying their security risk could be mitigated by technology.
Steve Durbin, global vice president of the Information Security Forum, said: “We no longer control a network perimeter over which we can throw a safe blanket and say that everything within the network is now safe and contained. We operate in a completely cyber-enabled environment; we are always on, we are always connected, and we are highly mobile.”
Some companies, such as FedEx, are now working to educate the employees in best practices to protect their corporate information through the use of awareness campaigns, e-newsletters, and even an annual cyber-security conference! Denise Wood, chief information security officer (CISO) at FedEx, said: “A key strategy of the overall programme is educating employees on current threats and providing practical security tips they can apply both at work and home.”
Results from the study also revealed:
• Only 1-in-4 companies, just 27%, admitted that awareness of security principles did not extend throughout the business.
• Some respondents believe that third party and outsourcing collaboration caused more security risks than new technologies.
• Different rules in different locations caused problems for 68% of respondents, and want more harmonisation of governance regarding data security.
• Only 1-in-10 companies actually placed a monetary value on their corporate information.
• 48% of respondents admitted that their organisation had experienced data breaches in the last 2 years, and consider a data breach a fact of today’s business.
However, 62% of companies want regulators and governments to take the lead when it comes to information risk management, highlighting the sharing of cyber-attack knowledge between organisations. Indeed, the government in the UK has established a £650 million National Cyber Security Programme in order to increase unified action against cyber threats across the private sector, international entities, governments and individuals.