Security // Compliance
News
5/2/2012
06:25 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Strategic Security Survey: ID The Right Threats

Identify the right threats for effective risk management.

Get the full-length InformationWeek Strategic Security Survey
Analytics Report

Our InformationWeek Strategic Security Survey, now in its 15th year, is a great trend spotter--when we see a double-digit, year-over-year percentage-point shift, we take notice. For example, based on 946 responses, only 15% feel they're more vulnerable than a year ago, which is the same percentage as in 2011. However, among those feeling more vulnerable, the percentage of IT pros worried that there are more ways to attack their networks plunged, from 76% to 62%. The concern that's on the rise is the growing amount of customer data to secure: up to 44% from 34% a year ago.

IT's also paying closer attention to the security of public cloud service providers. Last year, just 18% conducted their own audits; now it's up to 29%. Use of providers' own audit reports is also up. To the 9% who want to conduct risk assessments but are stymied by uncooperative vendors, we say consider that resistance a big red warning flag.

One area where we saw surprisingly little movement is mobile security: 25% say smartphones and tablets represent a significant threat, up just a tick from 24%. Loss or theft is IT's greatest concern, and for good reason, since end users are more likely to leave a tablet in a cab than they are to download a malicious app. That's why mobile device management software that can remotely wipe data, protecting the organization from a potentially messy information leak, is so critical.

Another constant among our respondents is perceived cloud risks. Top worries include leaks of customer data and security defects in the providers' systems, unchanged from last year.

Cloud and mobility may be hot-button issues, but our report goes deeper. Consider a secure software development life cycle (SDLC) process. We recommend investing in a process to ensure that your software isn't laden with flaws that attackers can exploit, yet just one-third of respondents have formal programs in place. That's one trend line that we hope angles up for 2013, aided by the fact that among respondents whose shops do use secure SDLCs, 33% rate them very effective.

This year's survey also delves into why you should pay more attention to access control, the importance of user education, the benefits of collecting and analyzing security metrics, and the pros and cons of cyberbreach insurance.

About 20% of respondents have taken out breach insurance policies, but that may not be money well spent. It's difficult to accurately estimate the costs of a breach, including cleanup and remediation, so your policy may not cover the true extent of damages. If you really want insurance, spend some of that cash on an SDLC and sound risk management practices and leave the actuarial tables to hurricanes and car crashes.

chart: Top mobile device security concerns

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.