Organisations need to fundamentally shift their approach to information security in order to meet the threats presented by existing and emerging technologies, according to Ernst & Young's Global Information Security Survey 2012 report released last October. The report, now in its 15th year, is based on responses from over 1,850 CIOs, CISOs and other information security executives in 64 countries.
According to Ernst & Young, organisations are implementing incremental improvements to their information security capabilities to provide short-term solutions, which are not adequate for tackling the issues associated with the overall information security threat. The survey shows that 31 percent of respondents have experienced a higher number of security incidents in the last two years. Surprisingly, 63 percent of organisations have no such framework in place and only 16 percent of respondents report that their information security function fully meets the needs of the organisation. What is happening here?
Gerry Chng, Partner, Advisory Services, at Ernst & Young Advisory in Singapore, observed that in the last 12 months, the market has seen a rapid shift in the way technology presents opportunities for businesses. He said: "Ranging from employee-owned mobility solutions, cloud computing, social media, Big Data, and targeted advanced persistent threats, companies are struggling to cope with the new normal using conventional methods. The velocity and complexity of change is happening at a staggering pace, with emerging markets, continuing economic volatility, offshoring and increasing regulatory requirements adding to an already complicated information security environment."
But such an increase in the "velocity" of change cannot be the only reason that a widening gap still exists between actual implementation and the ideal state of affairs.
Threat level continues to rise
Organisations recognise that the risk environment is changing, as the frequency and nature of information security threats increase and the number of security incidents rises. Over three-quarters (77 percent) of global respondents agreed that there is an increasing risk from external attacks, but this is not the only source of concern for global organisations, with 46 percent reporting that internal vulnerabilities are also on the rise.
New technologies are opening up tremendous opportunities for organisations, but also potential threats from previously unknown sources, said Chng. Cloud computing continues to be one of the main drivers of business model innovation, with the number of organisations using the cloud almost doubling in the last two years. However, 38 percent of organisations have not taken any measures to mitigate the risks, such as stronger oversight on the contract management process for cloud providers or the use of encryption techniques.
Another significant new technology is internet-enabled mobile devices, whose technology advancements—and the associated business benefits—have vastly increased adoption rates.