Deloitte: Tech Companies Treading Water with Security, Privacy Issues

Electronics | Change

Top Docs
IEC 60529 Degrees Of Protection Provided By Enclosures (IP CODE)
TIA-603 Land Mobile FM OR PM - Communications Equipment - Measurement And Performance Standards
IEC 61000-4-3 Electromagnetic Compatibility (EMC) - Part 4-3: Testing And Measurement Techniques - Radiated, Radio-Frequency, Electromagnetic Field Immunity Test
NEMA 250 Enclosures For Electrical Equipment (1000 Volts Maximum)
IEC 61508 SET Functional Safety Of Electrical, Electronic, Programmable Electronic Safety Systems Set
IEC 60068-2-27 Environmental Testing - Part 2-27: Tests - Test EA And Guidance: Shock
UL 1642 Lithium Batteries

Deloitte: Tech Companies Treading Water with Security, Privacy Issues

February 1, 2008 // Published as a news service by IHS

Electronics & Telecom Docs

IHS sells a full selection of standards documents & collections from the industry's top organizations.
To learn more, and for a free quote, please complete the form below.

	TIA Collection
	NEMA Collection
	CEA Collection
	EIA Collection
	ITU Collections
	IEEE Collections
	EU EMC Collections
	IEC Collections

First Name:

Last Name:

Email address:

Technology, media and telecommunications businesses must increase their efforts and investments to stay on top of growing security and privacy threats, according to recent analysis from Deloitte Touche Tohmatsu.

When it comes to security and privacy, the majority of technology companies that responded to a recent survey from Deloitte find themselves "treading water." Despite increased security investments, many are just managing to keep pace with the growing threats, analysts said.

RELATED CONTENT

Electronics & Telecom Standards Collections
IEC standards development, standards adoption, standards revision.

IEC Standards News
Selected Electronics & Telecommunications standards, codes and documents.

Electronics & Telecom Standards

Deloitte conducted an in-depth survey of security practices at more than 100 technology organizations around the world.

The global survey respondents included companies from across all three sectors (technology, media, telecommunications); 54% of which employ between 5,000-50,000 employees and 47% of which report revenue between $1 billion and $10 billion.

In the 12 months preceding the survey, most companies successfully avoided a major security crisis, with 69% of respondents saying they were "very confident" or "extremely confident" about their organization’s effectiveness at tackling external security challenges.

However, only 56% displayed confidence in addressing internal threats.

"The most dangerous threats come from within," said Jacques Buith, security and privacy leader of Deloitte's technology, media, telecommunications industry group. "This is a threat most companies are in a position to control."

Technology companies may also be developing a false sense of security about digital rights management (DRM), security and the mobile workforce and physical security versus information security, analysts said.

According to the survey, these companies are built on a base of physical assets (buildings, infrastructure) and information assets (such as digital content), yet most companies continue to treat physical security and information security as separate and distinct, meaning they could be missing out on some important opportunities.

In light of the fact that technology companies must avoid the risk of various security breaches, including identity theft, data leakage, account fraud, phishing and more, analysts said the survey closely examined how many of these companies have a governance framework in place. Most respondents - 82% - already have such a framework and another 3% plan to within the next two years. Only a few organizations, 6%, do not have one and do not intend to put one in place.

There are many factors that can cause companies to decide against an information security governance framework, analysts said. For instance, the number of chief information security officers (CISOs) appointed in the companies surveyed, increased from 57% to 65% in the past year. CISOs are still not industry standard among technology corporate officers, yet they are one of the keys to effective information governance.

The survey found that only 13% of CISOs have a tenure of more than 10 years, whereas the highest percentage, 39%, responded having held a CISO position for just three to five years. Analysts said this indicates there is still an upward trend toward governance frameworks overall.

Another prerequisite for effective information security is the implementation of an information security strategy that aligns with corporate initiatives. Analysts said such a strategy must be closely linked to the company's overall business strategy, business requirements and key business drivers.

Survey results also showed that 54% of technology, media and telecommunications companies have put a formal information security strategy in place. Another 20% intend to do so within two years. Analysts said 17% of the surveyed companies see the lack of such a strategy as one of their biggest barriers to achieving information security.

With a broad range of technology choices and dozens of elements of today’s business environment challenging information security each day in tech companies, the amount of detail can be overwhelming.

Analysts said this year's Deloitte survey reveals an overwhelming need for these companies to focus on all of the different aspects of information security - having the technology in place, establishing protocols to react to security breaches and the effect of a talent crisis on the information security of a company.

"The bottom line - there is a lot of work to be done," said Buith. "Increasing security efforts now will make all the difference when that next security threat reveals itself on the horizon."

Source: Deloitte Touche Tohmatsu (DTT).