New Tech Trends, New Security Risks
Survey Confirms Social Networking, Cloud Computing Pose Threats
A new survey of IT and business executives in various sectors shows that key factors making the security landscape riskier are the rapid rise of social networking, the growing reliance on Internet-based applications, or cloud computing, and the growing sophistication, criminalization and organization of hackers.
The Eighth Annual Global Information Security Trends survey from CompTIA, an IT trade association, polled 1,400 participants in 10 countries, including 400 in the U.S.
Security Becoming a Higher Priority
Looking strictly at U.S. results, 49 percent rate security as an upper-level IT priority, up from 35 percent in 2008. One possible reason for the change: 63 percent reported experiencing at least one security incident or breach in the past 12 months.
In healthcare alone, more than 190 information breaches affecting 500 or more individuals have been reported to federal authorities since September 2009 as required under the HITECH Act breach notification rule.
Internationally, organizations in South Africa, India, Brazil and the United Kingdom lead the way in rating security as a top priority, the survey shows.
Among other highlights of the U.S. results:
- 59 percent attribute the blame for security breaches to human error, while 41 percent cite technology shortcomings. The elements of human error that most contribute to security breaches include the failure of end-users to comply with security policies, lack of security training and inadequate time/resources devoted to managing security threats.
- 34 percent believe the economic recession has increased the likelihood that some employees will take advantage of customer lists, steal equipment or use intellectual property inappropriately after being dismissed.
- Only 55 percent of respondents' organizations have a written IT security policy in place, and about one-third require end-user security training. Both are more common in larger organizations.
- Top spending priorities include firewall or other security infrastructure hardware and security software related to malware protection and monitoring.
Security Threats, Old and New
In describing the survey results, CompTIA notes that "old" security threats such as viruses, e-mail and browser-based attacks, as well as user abuse, continue to be of great concern. But emerging threats, such as social media-based attacks and the risks involved in using cloud computing and mobile technologies, make the situation even worse.
"Information security affects more organizations on more levels as technology permeates every functional area of a business and more staff members assume the role of knowledge worker," says Tim Herbert, CompTIA's vice president of research. "As organizations invest in new solutions to give employees anytime, anywhere access to information, tools and collaboration, they must contend with the possibility of introducing new vulnerabilities into the security equation."
As a result, those lacking written security policies or aggressive security training programs need to make both a priority for 2011 and beyond.