There used to be a greater fear of cyber attacks coming from internal sources, but now companies feel external attacks are on the rise.
That is just one reason why companies need to think of change when it comes to information security because the threats are becoming greater, more sophisticated and more advanced, a new study said.
Organizations are implementing incremental improvements to their information security capabilities to provide short-term solutions without tackling the issues associated with the overall information security threat, according to the Ernst & Young Global Information Security Survey 2012.
With 31% of organizations experiencing more security incidents in the last two years, the need to develop a robust security architecture framework has never been greater, according to the report. However, 63% of organizations have no such framework in place and 16% of respondents report their information security function fully meets the needs of the organization.
“The new normal for the CIO is that fast is not fast enough,” said Paul van Kessel, Ernst & Young Global IT Risk and Assurance Services Leader. “The velocity and complexity of change is happening at a staggering pace, with emerging markets, continuing economic volatility, off-shoring and increasing regulatory requirements adding to an already complicated information security environment.”
Organizations recognize the risk environment is changing, as the frequency and nature of information security threats increase and the number of security incidents rises. Over three-quarters (77%) of respondents agreed there is an increasing risk from external attacks, but this is not the only source for concern for global organizations, with 46% reporting that internal vulnerabilities are also on the rise, the report said.
New technologies are opening up tremendous opportunities for organizations; but also potential threats from previously unknown sources. Cloud computing continues to be one of the main drivers of business model innovation, with the numbers of organizations using the cloud almost doubling in the last two years.
However, 38% of organizations have not taken any measures to mitigate the risks, such as stronger oversight on the contract management process for cloud providers or the use of encryption techniques, the report said.
Another significant new technology is Internet-enabled mobile devices, whose technology advancements — and the associated business benefits —vastly increased adoption rates.
“With 44% of organizations now allowing the use of company or privately-owned tablets — up from 20% in 2011 — substantial levels of information are now flowing in and out of the office, making control increasingly difficult,” Van Kessel said.
Organizations recognize they need to do more on mobile technology. However, in the fast-moving mobile computing market the adoption of security techniques and software is still relatively low, with just 40% of organizations using some form of encryption technique on mobile devices.