Consumer business organizations need to reassess threat landscape

Many consumer business organizations are not focusing on the right areas to best respond to threats, according to the inaugural Deloitte Touche Tohmatsu (DTT) 2009 global consumer business security study, ‘Security can’t be discounted’, released this week. Infrastructure, security governance, insider threats, and budgets are among the areas that need to be re-examined in light of the current information security threat environment, the study reveals.

The DTT Consumer Business study is based on discussions with information technology executives and information officers of global consumer business organizations, and includes perspectives and commentary from Deloitte member firm subject matter experts.

“Consumer business organizations are the ‘front lines’ when it comes to customer information because of the amount of personal and financial data with which they are entrusted,” says Adel Melek, DTT Global Security, privacy & resiliency leader. “Our study found that the industry needs to re-focus its information security efforts to best respond to increasingly sophisticated and innovative threats.”

The DTT study reveals that, in many areas, consumer business organizations are simply not focusing on the right areas to best respond to the threats that face them:

* Many organizations still consider information security primarily a technology infrastructure issue. Fifty one percent of respondents identify their top security initiative for 2009 as security infrastructure improvement.

* Respondents are placing a less prominent focus on security governance – 53 percent of organizations are operating without an approved security governance structure, despite the fact that security governance helps to ensure that proper security controls are in place.

* Managing insider threats receives a low ranking among top security initiatives for 2009 – only 10 percent of organizations interviewed identify it as their top priority, despite respondents acknowledging that people, including third parties, are their organizations’ weakest link.

Additional findings include:
* Business continuity and disaster recovery have been neglected in the past but are getting more attention. Only 9 percent of responding organizations have an enterprise-wide business continuity plan that has been documented and approved for all critical functions. But this is not a state that respondents are satisfied with, since disaster recovery is the second most-mentioned security initiative for 2009.

* Consumer business organizations have a ‘last one to adopt’ approach when it comes to security technology. When asked which category best describes their organization’s adoption of security technology, 52 percent of respondents state that they are ‘late majority’, meaning that they are content to use technology that is ‘proven’. However, old hardware and out-of-date technology may put customer data at risk.

www.deloitte.com

•Date: 20th Nov 2009• Region: World •Type: Article •Topic: ISM news
Rate this article or make a comment - click here