Over one third of companies do not ask for regular security updates
Barcelona, Spain - Despite a spate of much-publicised and costly security breaches, many organisations continually fail to review their own security procedures.
At yesterday’s Axis Action Forum, sponsored by RSA Security, over a third of delegates admitted that their Board had never asked for an update on security or implications of security breaches.
Tim Pickard, marketing director for EMEA at RSA Security, said: “This is an incredible statistic. You would have thought that with the number of high profile, brand damaging security breaches that have taken place recently, security would be one of the first items on the Board agenda.”
During yesterday’s Forum, which was attended by over 30 CIOs, IT Directors and Heads of Security from a range of medium to large businesses, delegates were told that Boardroom indifference might be due to the negativity associated with security issues.
Simon Linsley, head of consultancy and development, Philips, said: “For years we have had to go to the Board with messages that create the Fear of God. We can no longer rely on these doom and gloom messages - we have to go to the Board with solutions that add value to the business.”
One of the issues around Boardroom involvement is that security has yet to be seen as an operational issue. As one delegate put it: “the only time security ever gets any attention is when there’s been a breach and by then it’s too late.”
Incredibly, despite the hype surrounding the so-called ‘internal malicious threat’, only one of the delegates registered this threat as one of their top three challenges for next year. High on the list of challenges was Compliance, hardly surprising bearing in mind recent legislation that can make executives personally liable.
Delegates also revealed that the top areas of spend within the IT budget focus on the prevention of external malicious attacks such as viruses, Spam and denial of service. These came ahead of compliance, securing the mobile workforce, improving the IT infrastructure and training.
Pickard said: “This doesn’t surprise me. Today, IT is grappling with increased complexity and fragmentation in the business, coupled with more risk from organised criminals. Although CIOs and IT Directors are responding by allocating budget to these challenges, they must start to take a holistic approach to securing their organisation, rather than reacting with point-solutions every time there is a specific threat.”
About RSA Security, Inc.
RSA Security Inc. helps organizations protect private information and manage the identities of people and applications accessing and exchanging that information. RSA Security’s portfolio of solutions – including identity & access management, secure mobile & remote access, secure enterprise access, secure transactions and consumer identity protection – are all designed to provide the most seamless e-security experience in the market. Our strong reputation is built on our history of ingenuity, leadership, proven technologies and our more than 15,000 customers around the globe. Together with more than 1,000 technology and integration partners, RSA Security inspires confidence in everyone to experience the power and promise of the Internet. For more information, please visit www.rsasecurity.com.


