News

06:25 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Strategic Security Survey: ID The Right Threats

Identify the right threats for effective risk management.

Get the full-length InformationWeek Strategic Security Survey
Analytics Report

Our InformationWeek Strategic Security Survey, now in its 15th year, is a great trend spotter--when we see a double-digit, year-over-year percentage-point shift, we take notice. For example, based on 946 responses, only 15% feel they're more vulnerable than a year ago, which is the same percentage as in 2011. However, among those feeling more vulnerable, the percentage of IT pros worried that there are more ways to attack their networks plunged, from 76% to 62%. The concern that's on the rise is the growing amount of customer data to secure: up to 44% from 34% a year ago.

IT's also paying closer attention to the security of public cloud service providers. Last year, just 18% conducted their own audits; now it's up to 29%. Use of providers' own audit reports is also up. To the 9% who want to conduct risk assessments but are stymied by uncooperative vendors, we say consider that resistance a big red warning flag.

One area where we saw surprisingly little movement is mobile security: 25% say smartphones and tablets represent a significant threat, up just a tick from 24%. Loss or theft is IT's greatest concern, and for good reason, since end users are more likely to leave a tablet in a cab than they are to download a malicious app. That's why mobile device management software that can remotely wipe data, protecting the organization from a potentially messy information leak, is so critical.

Another constant among our respondents is perceived cloud risks. Top worries include leaks of customer data and security defects in the providers' systems, unchanged from last year.

Cloud and mobility may be hot-button issues, but our report goes deeper. Consider a secure software development life cycle (SDLC) process. We recommend investing in a process to ensure that your software isn't laden with flaws that attackers can exploit, yet just one-third of respondents have formal programs in place. That's one trend line that we hope angles up for 2013, aided by the fact that among respondents whose shops do use secure SDLCs, 33% rate them very effective.

This year's survey also delves into why you should pay more attention to access control, the importance of user education, the benefits of collecting and analyzing security metrics, and the pros and cons of cyberbreach insurance.

About 20% of respondents have taken out breach insurance policies, but that may not be money well spent. It's difficult to accurately estimate the costs of a breach, including cleanup and remediation, so your policy may not cover the true extent of damages. If you really want insurance, spend some of that cash on an SDLC and sound risk management practices and leave the actuarial tables to hurricanes and car crashes.

chart: Top mobile device security concerns

Comment  | 
Print  | 
More Insights
Audio Interviews
Archived Audio Interviews
This radio show will provide listeners with guidance from Dell Storage experts, who can help you explore ways to simplify workload management while achieving a balance of price and performance.
Slideshows
White Papers
Register for Network Computing Newsletters
Current Issue
2014 State of Unified Communications
2014 State of Unified Communications
If you thought consumerization killed UC, think again: 70% of our 488 respondents have or plan to put systems in place. Of those, 34% will roll UC out to 76% or more of their user base. And there’s some good news for UCaaS providers.
Video
Twitter Feed
Cartoon