Attacks on corporate information security increasing: Ernst & Young

Outpacing Change: Ernst & Young’s 2009 Global Information Security Survey, which polled more than 170 senior IT executives in the Middle East and Africa, reveals that external and internal attacks on information security this year have increased by 41 per cent and 25 per cent respectively. In addition, regulatory compliance costs accounted for moderate to significant increases in information security costs for 55 per cent of respondents. Only 6 per cent plan on spending less over the next 12 months on regulatory compliance.
 
The survey also revealed that retaliation from employees who were recently retrenched due to the economic downturn and a lack of adequate security budgets and resources are becoming major concerns for senior IT professionals. 75 per cent of respondents were concerned with possible retaliation from retrenched employees who have recently left their organizations, while 50 per cent of respondents ranked a lack of resources as a high or significant challenge; a notable increase of 17 percentage points over 2008.
 
40 per cent indicated that they planned to increase their annual investment in information security as a percentage of total expenditures and 52 per cent planned on maintaining the same level of spending in 2010.
 
Leveraging technology
Due to a heightening occurrence of data breaches, Data Leakage Prevention (DLP) technology is the second-highest security priority in the coming 12 months, identified by 40 per cent of respondents as one of their top three priorities. Data leakage prevention is the combination of tools and processes for identifying, monitoring and protecting sensitive data or information. Privacy and protection of personal data will become an even greater challenge for organizations as new technologies and services such as social networking, virtualization, cloud computing and radio-frequency identification (RFID) gain more widespread use.
 
One of the most startling findings is how few companies are encrypting their laptops. Only 41 per cent of respondents are currently encrypting them while only 17 per cent plan to do so in the next year. This is surprising for a number of reasons: the number of breaches that have occurred due to loss or theft of laptops; the fact that the technology is readily available and affordable to implement; and that the impact to users during deployment is relatively low and should no longer be a barrier.