Deloitte Calls Out Tech Firms On Security
David Utter Staff Writer
2006-06-23
More than half of technology, media, and telecom (TMT) firms experienced security breaches over the past 12 months, but few adequately fund or deliver resources to improve the situation.
Business continuity plans have been an area where auditors at publicly traded companies have looked closely at their firm's preparation for the worst. Plenty of companies are privately held, and not subject to the arduous rigors of the Sarbanes-Oxley laws.
Deloitte Touche Tohmatsu does not name names in its discussion of preparedness, or lack thereof, by the high tech industry; some may be public while others are private. Their research claims to have found over half of the firms in their study experienced security breaches.
Out of those companies, few work proactively to mitigate the potential for greater security problems in the future. Most operate in a reactive mode, responding to security problems after a breach has occurred.
That doesn't bode well, Deloitte's survey noted ominously:
TMT companies revolve around digital information and technology, which are inherently vulnerable to corruption, piracy, attack and theft. Telecommunications operators are the gateway into the digital home and office, and media companies are increasingly creating and distributing content digitally. According to the survey, the frequency, magnitude and sophistication of breaches are growing.
Ironically, most TMT companies have not kept up with advances in technology when it comes to security, and few are spending what's needed. The majority of TMT companies surveyed consider themselves "reactive" when it comes to investing in information security, and only 4 percent believe they are doing enough to address the problem.
IT professionals across the whole spectrum of industries that do business with technology driving their operations likely recognize this scenario all too well. Executives who are more concerned with keeping their corporate fiefdoms intact tend to view IT as a cost center, a black hole into which money vanishes in greater sums each year.
It's an unfair assessment, but a realistic one that I've personally viewed. CEOs tend to like their nice offices and corporate perks, and bolstering the IT department with money for problems that have not happened yet runs against the grain of executive groupthink. Why put a high-powered job in jeopardy by lowering profits just because something might happen?
Marketing is sexy and enjoyable. Hammering away at a command line isn't. Marketing takes place during business hours. IT tends to happen in bad ways in the late hours or on weekends.
Despite IT's importance, being subjected to a breach does not seem to have had the impact on companies that it should. Instead of being a wakeup call to proactivity, it's just another problem that needs to be patched up as cheaply as possible.
Most companies, 83 percent in Deloitte's study, view the internal threat to information systems as a greater problem than an external threat. That's not an unreasonable viewpoint to have.
Employees, especially in the accounting sections of a business, have access to a lot of sensitive information. A tiny USB drive can store dozens of documents, and a camera phone can capture images and send them flying out of a company.
Deloitte also noted that 78 percent of financial institutions reported security breaches from outside the company. That tripled the 26 percent that Deloitte learned about for the previous year.
The company does have suggestions on improving security. Its "Protecting the Digital Assets" report may be downloaded from Deloitte's website.
---
Tags: Deloitte, Security
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.