The 2012 Global State of Information Security Survey reveals that 43 percent of global companies think they have an effective information security strategy in place and are proactively executing their plans, placing them in the category of information security “front-runners.” Twenty-seven percent of respondents identified themselves as “strategists” while the remaining identified themselves as “tacticians” and “firefighters” (15 and 14 percent respectively). The study, the largest of its kind, is conducted by PwC US in conjunction with CIO and CSO magazines.
The survey of more than 9,600 security executives from 138 countries found that 72 percent of respondents report confidence in the effectiveness of their organization’s information security activities; however, confidence has declined markedly since 2006. The findings of the survey have helped carve a new definition of an information security leader. Even though 43 percent see themselves as “front-runners,” according to the survey only 13 percent made the “leader” cut. Those identified as leaders have an overall information security strategy in place, a CIO or executive equivalent who reports to the “top of the house,” measured and reviewed security policy effectiveness, and an understanding of the security breaches facing the organization in the past year.
Since 2007, there has been a dramatic leap in organizations’ awareness and insight into the types and frequency of attacks, particularly in the industries of aerospace & defense, financial services, technology, telecom and the public sector.
According to the survey, the rise of cloud computing has improved but also complicated the security landscape. More than four out of ten respondents report that their organization uses cloud computing: 69 percent for software-as-a-service, 47 percent for infrastructure-as-a-service and 33 percent for platform-as-a-service. Fifty-four percent of organizations say that cloud technologies have improved security, while 23 percent say they have increased vulnerability. The largest perceived risk is the uncertain ability to enforce provider security policies.
Mobile devices and social media represent a significant new line of risk -- and a demand for prevention. Organizations are beginning to amplify their efforts to prevent mobile and social media based attacks. Forty-three percent of respondents have a security strategy for employee use of personal devices, 37 percent have a security strategy for mobile devices and 32 percent have a security strategy for social media.
Increased awareness of attacks may correlate with organizations mobilizing in certain areas of IT spending. Investments in application firewalls increased from 72 percent last year to 80 percent this year and malicious code detection tools have increased 11 percentage points -- from 72 percent last year to 83 percent this year.
More information on Information Technology can be found at www.SupportIndustry.com