Less than a third of global businesses have an IT risk management programme in place capable of addressing the risks related to the use of new technologies, according to Ernst & Young’s 13th annual Global Information Security Survey. In spite of the rapid emergence of new technology, just one in 10 companies consider examining new and emerging IT trends a very important activity for the information security function to perform.
A significant increase in use of external service providers and business adoption of new technologies, such as cloud computing, social networking and Web 2.0, is recognised to increase risk for 60% of respondents. Yet, in spite of this, less than half (46%) intend to increase their annual investment in information security.
Paul van Kessel, Ernst & Young global IT risk and assurance leader, said: “Technology advances have provided an increasingly mobile workforce with seemingly endless ways to connect and interact with colleagues, customers and clients. These advances represent a massive opportunity for IT to deliver significant benefits to the organisation but new technology also means new risk. It is vital that companies not only recognise this risk, but take action to avoid it.”
The Mobile Workforce
Over half of respondents state that increased workforce mobility poses a considerable challenge to the effective delivery of information security initiatives, due to widespread use of mobile computing devices, allowing individuals to access and distribute business information from anywhere at any time. For almost two-thirds (64%) employees’ level of security awareness is recognised as a considerable challenge.
Van Kessel said: “As the mobile workforce continues to grow, so does the level of risk. In addition to implementing new technology solutions and re-engineering information flows, companies must focus on informing the workforce about risks. The delivery of effective, and regular, security awareness training is a critical success factor as companies attempt to keep pace with the changing environment.”
Plugging the Leak
Half of respondents plan to spend more over the next year on data leakage and data loss prevention – a seven percentage point increase from last year. To address potential new risks, 39% are making policy adjustments, 29% are implementing encryption techniques and 28% are implementing stronger identity and access management controls.
For the first time, continuous availability of critical IT resources was identified by respondents as one of the top five risks. Increased mobility and lack of control over end-user devices can cause problems when trying to implement effective and efficient business continuity and disaster recovery capabilities – identified by 50% of respondents as an area of increased expenditure.
Processing in the Cloud
Cloud computing services are gaining greater adoption: 23% of respondents are currently using cloud computing services and a further 15% are planning to use within the next 12 months. When asked if an external certification of cloud service providers would increase trust, 85% of respondents said yes, with 43% stating that the certification should be based upon an agreed standard and 22% requiring accreditation for the certifying body.
The annual BNP Paribas Cash Management University kicked off on Thursday morning with treasury professionals congregating in Paris from across Europe.
APIs may be a solution to MT940 challenges, says Karen Fagan, treasury operation manager, for British television company, ITV.
Kicking off the first day of the Singapore Fintech Festival, issues with cryptocurrencies were addressed by MIT media labs director, Joi Ito, and panels of technology leaders discussed how they’re using data analytics.
Sibos 2017 day two highlights: Brexit and banking, and why ‘data is the new oil’ in financial services
How nation first politics can impact global financial organisations It’s clear that data and regulation are the two key topics that are ... read more