The impact of the move to cloud services and the consumerisation of technology have emerged as key issues for networked enterprises in the 2012 Global State of Information Security Survey. More than 9,600 executives from 138 countries – including 100 respondents from New Zealand - participated in the survey, conducted by CIO and CSO magazines in association with PricewaterhouseCoopers (PwC).
A clear majority (72 percent) of respondents are confident their organisation’s security activities are effective. This level of assurance indicates information security is viewed as a critical business function rather than a “patchwork of technical guesses” or a line in the CIO’s budgets, according to PwC.
“Since 2007, companies now have greater insights and awareness than ever before into the landscape of cybercrime and other security events – and they’re translating this information into investments specifically focused on three areas: prevention, detection and operational web-related technologies,” says Colin Slater, partner in PwC’s security and technology practice in New Zealand.
The survey finds organisations are beginning to implement strategies to keep pace with employee adoption of mobile devices and social networking as well as use of personal technology within the enterprise.
But much remains to be done in this area. Less than half of the respondents have implemented safeguards to protect the enterprise from security hazards that mobile devices and social media can introduce.
Cloud computing has also complicated the security landscape globally. More than four out of 10 respondents said they are using cloud services. New Zealand has a higher uptake, with 89 percent of respondents using software as a service. Fifty four percent of organisations said cloud technologies have improved security, while 22 percent said it increased vulnerability.
In the 2011 survey, nearly 40 percent of NZ respondents reported no security events, but the 2012 survey shows a significant increase in reported events. Nearly a third, 31.8 percent of respondents, said there were one or two incidents in the past year.
Slater says just a few years ago, almost half of respondents couldn’t answer basic questions about the nature of the security related breaches but now nearly 80 percent can provide basic information about the frequency, type and source of security breaches they faced this year.
Loss of data, mobile device compromise and social engineering attacks emerged as the key incidents over the past year. The main sources of the incidents are employees (67 percent) and former employees.
Slater points out 47 percent of local respondents did not encrypt mobile devices such as laptops and smartphones which compared poorly with global statistics. “While we are a low crime country, theft of electronic devices is still a major risk factor,” he says. Simple steps such as encrypting data would mean the risk is reduced to the cost and pain of replacing the device, he says.
Absence and shortage of skilled security resources is a key issue in New Zealand with nearly half (47 percent) of respondents noting this as a key priority, compared to only 27 percent of their counterparts in the Asia-Pacific region highlighting this issue.
As a result, 66 percent of respondents said they are outsourcing their security operations. But of this group, only 60 percent reported putting standards in place for these third party organisations.
The 2012 Global State of Information Security Survey results will be covered in depth in the December 2011 issue of CIO New Zealand and at cio.co.nz.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.