Risks compounded by inadequate budget and resources
TORONTO, Nov. 9 /CNW/ - The current economic environment is producing a rise in both internal IT threats and external assaults on company websites and networks, according to Ernst & Young's annual Global information security survey, released today.
Out of 1,900 survey participants, 75% are concerned about reprisals from employees recently separated from their organization. The survey further reveals:
- Forty-one percent reported an increase in external attacks.
- Twenty-five percent witnessed an increase in internal attacks.
- Thirteen percent have seen an increase in internally perpetrated
"Canadian organizations must develop comprehensive, risk-based security strategies that focus on their potential exposure," said Claude Francoeur, Partner in Ernst & Young's IT Risk and Assurance practice. "For example, companies should develop a formal response aimed at dealing with employees likely to leave the organization as a result of workforce reductions or job elimination."
Despite the 19% of respondents who say they have not yet taken steps to protect themselves, some companies are already taking action. For instance, 38% are improving identity and access management, 28% are improving change controls and 18% have implemented a Data Leakage Prevention (DLP) program.
"Due to new and increasing risks organizations are facing, data protection is now top of mind for many information security leaders," said Francoeur. "In fact, implementing DLP technologies is now a higher priority for many organizations than both security awareness training and regulatory compliance."
Implementing or improving DLP technologies is the second-highest security priority of respondents in the coming 12 months, identified by 40% as a top three priority. Improving information security risk management was the only priority that topped this focus.
The survey results are encouraging in that many organizations are taking a more holistic view of security and focusing on the overall health of their information security program. The challenge for many, however, is a lack of adequate budget and resources.
"Risks, new challenges and a changing regulatory environment are driving the IT agenda, but unfortunately not everyone has the resources to cope," said Francoeur.
Clearly, the recession has taken its toll. Resources are scarce for 56% of respondents (up from 48% last year). Despite this challenge, only 20% of respondents plan to hire more in-house resources and only 14% plan to spend more on outsourcing.
The industry is also heading towards enhanced regulation, a move that will require additional and more costly compliance because of increasing complexity. Privacy and protection of personal data will become an ever greater challenge for organizations as new technologies and services gaining widespread use, such as social networking and virtualization.
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 144,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential. For more information, please visit ey.com/ca.
SOURCE EY (Ernst & Young)
For further information: For further information: Amanda Olliver, firstname.lastname@example.org, (416) 943-7121; Brooke McLachlan, email@example.com, (604) 899-3597; Marie-Ève Graniero, firstname.lastname@example.org, (514) 874-4313