Thursday, September 15, 2005

The Global State of Information Security: Still Risky Business...

Operational Risks are rising and executives are more interested in preparing their employees for the next crisis.

In a recent worldwide study by CIO Magazine and PWC concerning their risks, thousands of security leaders are fanning the flames over so many breaches and so little insight.

The survey asked about next year's 2006 top priorities or To-Do List:

1. Business Crisis and Continuity Management

2. Employee Training and Awareness programs

3. Data Backup

4. Overall Information Security Strategy

5. Network Firewalls


The good news is that the budgets are finally rising in light of increased theft of intellectual property and identities along with other major information crimes. Budgets in 2005 are now 13% of the IT budget. Consolidation and compliance are issues to be managed however these have bogged down strategic initiatives for the future.

Even after spending in the billions, incidents are still rising and these are the sources of the attacks:

59% - Malicious code

26% - Unknown

25% - Unauthorized entry

21% - Denial-of-service


And what is the most enlightening or discouraging statistic from this group is the answer to the question: When an incident does occur as a result of an attack, who do you tell?

No One - 55%

Customers - 16%

Partners/suppliers - 14%


Is there some correlation between the 26% unknown sources of attacks and the 55% of the incidents where no one is told about it.

No comments: