Survey Reveals Need For Security In Technology, Media Sectors

Jan 29, 2008 4:42 PM

           

Technology, media and telecommunications (TMT) businesses must increase their security efforts and investments according to the 2007 TMT global security survey, "Treading Water," from Deloitte Touche Tohmatsu (DTT). The survey indicates that when it comes to security and privacy, the majority of TMT companies find themselves "treading water." Despite increased security investments, many are just managing to keep pace with the growing threats. In order to get in front of the problem, TMT businesses must increase their security efforts and investments.

For the second year, Deloitte conducted an in-depth survey of security practices at more than 100 TMT organizations around the world. The global survey respondents included TMT companies from across all three sectors, 54 percent of which employ between 5,000-50,000 employees and 47 percent of which report revenue between $1 billion and $10 billion.

In the year preceding the survey, most companies successfully avoided a major security crisis with 69 percent of respondents saying they are "very confident" or "extremely confident" about their organization's effectiveness at tackling external security challenges. However, only 56 percent display confidence in addressing internal threats.

"The most dangerous threats come from within," explains Jacques Buith, security and privacy leader of DTT's TMT Industry Group. "This is a threat most companies are in a position to control."

TMT companies may also be developing a false sense of security about digital rights management, security and the mobile workforce and physical security versus information security. According to the survey results, TMT companies are built on a base of physical assets (buildings and infrastructure) and information assets (such as digital content), yet most companies continue to treat physical security and information security as separate and distinct. This means they could be missing out on some important opportunities.

In light of the fact that TMT companies must avoid the risk of all kinds of security breaches, including identity theft, data leakage, account fraud, phishing and more, the Deloitte survey closely examined how many of these companies have a governance framework in place. Eighty-two percent of respondents already have such a framework and another 3 percent plan to do so within the next two years. Only a few organizations, 6 percent, do not have one and do not intend to put one in place.

There are many factors that can cause companies to decide against an information security governance framework. For instance, the number of chief information security officers (CISOs) appointed in the companies surveyed increased from 57 percent to 65 percent in the past year. CISOs are still not industry standard among TMT corporate officers, yet they are one of the keys to effective information governance. The survey revealed that only 13 percent of CISOs have a tenure of more than 10 years, whereas the highest percentage, 39 percent, responded having held a CISO position for just three to five years, indicating that there is still an upward trend toward governance frameworks overall.

Another prerequisite for effective information security is the implementation of an information security strategy that aligns with corporate initiatives. Such a strategy must be closely linked to the company's overall business strategy, business requirements and key business drivers. The survey results show that 54 percent of TMT companies have put a formal information security strategy in place. Another 20 percent intend to do so within 2 years. Moreover, 17 percent of the surveyed companies see the lack of such a strategy as one of their biggest barriers to achieving information security.

With a range of technology choices and dozens of elements of today's business environment challenging information security each day in TMT companies, the amount of detail can be overwhelming. This year's survey reveals a need for TMT companies to focus on all of the different aspects of information security, from having the technology in place, to establishing protocols to react to security breaches, to the effect of the talent crisis on the information security of a company.

"The bottom line, there is a lot of work to be done," Buith concludes. "Increasing security efforts now will make all the difference when that next security threat reveals itself on the horizon."

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

SUBSCRIBE

Select an Issue April 1, 2008 March 1, 2008 February 1, 2008 January 1, 2008 December 1, 2007 November 1, 2007 October 1, 2007 September 1, 2007 August 1, 2007 July 1, 2007 June 1, 2007 IP Security Supplement May 1, 2007 April 1, 2007 March 1, 2007 February 1, 2007 January 1, 2007 School Security December 1, 2006 November 1, 2006 October 1, 2006 September 1, 2006 August 1, 2006 July 1, 2006 June 1, 2006 May 1, 2006 April 1, 2006 March 1, 2006 February 1, 2006 January 1, 2006 December 1, 2005 November 1, 2005 October 1, 2005 September 1, 2005 August 1, 2005 July 1, 2005 June 1, 2005 May 1, 2005 April 1, 2005 March 1, 2005 February 1, 2005 January 1, 2005 December 1, 2004 November 1, 2004 October 1, 2004 September 1, 2004 August 1, 2004 July 1, 2004 July 1, 2004 June 1, 2004 May 1, 2004 April 1, 2004 March 1, 2004 February 1, 2004 January 1, 2004 December 1, 2003 November 1, 2003 October 1, 2003 September 1, 2003 August 1, 2003 July 1, 2003 June 1, 2003 May 1, 2003 April 1, 2003 March 1, 2003 February 1, 2003 January 1, 2003 December 1, 2002 November 1, 2002 October 1, 2002 September 1, 2002 August 1, 2002 July 1, 2002 June 1, 2002 May 1, 2002 April 1, 2002 March 1, 2002 February 1, 2002 January 1, 2002 December 1, 2001 November 1, 2001 October 1, 2001 September 1, 2001 August 1, 2001 July 1, 2001 June 1, 2001 May 1, 2001 April 1, 2001 March 1, 2001 February 1, 2001 January 1, 2001 December 1, 2000 November 1, 2000 October 1, 2000 September 1, 2000 August 1, 2000 July 1, 2000 June 1, 2000 May 1, 2000 April 1, 2000 March 1, 2000 February 1, 2000 January 1, 2000 December 1, 1999 November 1, 1999 October 1, 1999 September 1, 1999 August 1, 1999 July 1, 1999 June 1, 1999 May 1, 1999 April 1, 1999 March 1, 1999 February 1, 1999 January 1, 1999 December 1, 1998 November 1, 1998 October 1, 1998 September 1, 1998 August 1, 1998 July 1, 1998 June 1, 1998 May 1, 1998 April 1, 1998 March 1, 1998 February 1, 1998 January 1, 1998 December 1, 1997 November 1, 1997 October 1, 1997 September 1, 1997 August 1, 1997 July 1, 1997 June 1, 1997 May 1, 1997 April 1, 1997 March 1, 1997 February 1, 1997 January 1, 1997

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue