
Reprisals from recently departed employees and a lack of adequate security budgets and resources are becoming major concerns for senior IT professionals, according to the 12th annual Ernst & Young Global Information Security Survey.
By Steve Wexler

Of the nearly 1,900 senior executives surveyed in more than 60 countries, 75% are concerned about possible reprisals from employees who have left their organizations.
42% are trying to understand the potential risks related to this issue and 26% are already taking steps to mitigate them.

"Increasingly, the employer’s IT system has become a common target and data theft is also prevalent," says Paul van Kessel, Global Leader of Ernst & Young’s Information Technology Risk and Assurance Services practice.

Despite 50% of respondents ranking this as a high or significant challenge, up 17% from 2008, fewer than half (40%) plan to increase their annual investment in information security as a percentage of total expenditures, while 52% plan to maintain the same level of spending.

"Information security today already requires a lot more investment, as organizations race to catch up with an accelerating threat landscape, after a much delayed start. However, information security is not immune to external economic forces and senior IT professionals will need to improve efficiency and effectiveness while keeping spending to a minimum."

Regulatory compliance is also a top priority and continues to be an important driver of information security improvements.
55% of respondents indicate that regulatory compliance costs account for moderate to significant increases in their overall information security costs. Only five percent plan on spending less over the next 12 months on regulatory compliance.

Government and industry-led regulations have resulted in organizations adopting a more-structured approach to information security. Becoming compliant is changing organizations’ security procedures and policies for the better.

"Companies must shift their focus from exercising ‘point in time’ security activities to incorporating information security into a comprehensive, enterprise-wide governance, risk and compliance program where managing and automating these efforts on a cost-effective basis can help drive overall business performance improvement."

Implementing or improving Data Leakage Prevention (DLP) technologies - the combination of tools and processes for identifying, monitoring and protecting sensitive data or information - is the second-highest security priority in the coming 12 months. Forty percent of respondents rank this as one of their top three priorities.

Only 41% currently encrypt laptops, with 17% planning to do so in the next year. This is surprising given the number of breaches that have occurred due to the loss or theft of laptops, and given that encryption technology is readily available and affordable and that the impact on users during deployment is relatively low.

Organizations are abandoning old paradigms by taking a holistic approach that integrates information security within the business. It is a more flexible, risk-based approach focused on protecting the organization’s critical information. It is also better suited to the connected business model needed to support today’s increasingly mobile and global workforce.