Deloitte Touche Tohmatsu   Deloitte Touche Tohmatsu
Global > Australia > News & research > Media releases    
Security not keeping pace with technology and the growing threat from the ‘enemy within’
Published: 24/7/06
Contact: Melinda Loew
Deloitte
Media & Communications Manager
0404 058 616

Contact: Craig Mitchell
Deloitte
Risk Partner, TMT
0416 256 296

Contact: Dean Kingsley
Deloitte
Risk Partner, TMT
0416 107 415

Technology, media and telecommunications (TMT) companies are finding it hard to keep up with security threats presented by new technology and the growing risk of intellectual property theft by employees, according to a new Deloitte security report: Protecting the Digital Assets.

Deloitte TMT Risk Services Partner, Craig Mitchell, said more than half the 150 companies surveyed across 30 countries, including Australia, have experienced security breaches in the past year, with internal breaches representing half of these.

The survey was conducted in the first half of 2006 and ran in parallel to the annual Deloitte Global Financial Services Industry Security Survey to provide comparative benchmarks across industries.

"While TMT security executives say that security is a top concern, more than half of security executives surveyed admit their security investments are falling behind the threats or at best just catching up," Mr Mitchell said.

"In Australia our TMT industry is fairly unique because of the diversity in company sizes. Obviously, the larger or more established companies are best equipped to respond to the challenges of new security threats."

83 percent fear the enemy within

Mr Mitchell said the vast majority of TMT companies (83 percent) said they are concerned about employee misconduct involving information systems, with the theft of intellectual property being the internal threat cited most often by TMT companies.

"The report shows only 47 percent of respondents said they were very confident that their infrastructure is properly protected against internal attacks, as opposed to almost two-thirds (63 percent) admitting they felt adequately protected against external attacks," he said.

"Security policies, tools and reviews are absolute necessities, but this issue also needs to be attacked holistically throughout the organisation. A corporate culture must be established which engages individuals to be vigilant about security.

"As recent breaches have show, the threat within is growing and costing millions of dollars in damage to reputations, brand perception, revenue and productivity.

"For example, of the tens of thousands of movies illegally posted on file-sharing websites, industry estimates say that more than 70 percent were ‘leaked’ by movie studio employees, rather than stolen by external criminals."

The report showed that in the preceding year, the two biggest threats were "insider fraud" (25 percent) and "leakage of customer data" (22 percent).

Digital information –TMT’s life blood – is inherently vulnerable

Dean Kingsley, Deloitte Risk Services partner said the TMT sector revolves around digital information and technology, which is inherently vulnerable to corruption, piracy, attack and theft.

"Telecommunications operators are the gateway into the digital home and office, and media companies are increasingly creating and distributing content digitally," Mr Kingsley said.

"Many TMT companies have not kept up with advances in technology when it comes to security, and few are spending what is needed," he said.

"About 70 percent surveyed expect to spend more money on security in 2006, but the average increase is expected to be just nine percent – which is not enough.

"The majority of TMT companies surveyed stated they are ‘reactive’ when it comes to investing in information security, and only four percent believe they are doing enough to address the problem.

Mr Kingsley said security is still viewed from the perspective of server and network, where firewalls, anti-virus applications, spam-filtering and virtual private networks are enough.

"With the increased use of personal storage devices including USB keys and PDAs, security needs to be viewed from an end-to-end data lifecycle perspective, to protect data as it travels throughout the organisation and sometimes throughout the world.

"Increasingly we are receiving enquiries about using biometric identity verification tools as businesses realise they need to ensure access to equipment and data are completely secured," Mr Kingsley said.

Additional findings included:

  • phishing is considered to be a major threat to TMT companies with only 18 percent of those surveyed currently have implemented, anti-phishing technologies and just seven percent piloting technologies in this area
  • only 37 percent provided security training to employees in the last year
  • about one quarter (24 percent) believe the security tools they have deployed are being used effectively
  • only 20 percent of technology companies surveyed are "confident" that their patents and other intellectual property are properly protected; 24 percent are "concerned" or "very concerned" about IP protection
  • only one-third regularly perform security risk assessments.

What can companies do to protect themselves?

"The investment in security can be a strategic opportunity for TMT companies and can help them build brand differentiation through security and reliability," Mr Kingsley said.

Mr Kingsley advises companies to consider:

  • establishing formal security strategies, policies and procedures that will stay abreast of the latest challenges and threats, including email encryption and filtering of outgoing messages and careful monitoring of employees’ use of portable digital storage devices
  • improving security awareness and training at all levels of the organisation, starting at the top
  • allocating sufficient budget and resources to get ahead of security threats; playing catch-up is not good enough
  • focusing more resources on internal security threats
  • developing and maintaining a formal contingency plan for business continuity.

Comparisons to Financial Services Industry

Deloitte released its 4th Global Financial Services Industry Security in June. Some key comparative findings include:

  • Financial Services Companies Reporting the Most Security Breaches
  • More than three-quarters (78 percent) of financial institutions reported a security breach from outside the organisation in the past year, up from 26 percent in 2005; almost half (49 percent) experienced at least one internal breach, up from 35% in 2005.
  • 50 percent of TMT companies had a breach in the past year; about half of these were internal.

Most Companies Hiring Chief Security Officers

  • Three-quarters of financial services companies employ someone in this role
  •  Only 63 percent of TMT companies have a dedicated, senior-level security officer (or are in the process of appointing one); among technology companies, the number is only 53 percent

TMT Companies Lag in Business Continuity Plans

  • The vast majority 81 percent of financial services companies confirmed having an enterprise-wide business continuity management program in place.
  • Only 48 percent of TMT companies have an enterprise-wide program to manage business continuity

Deloitte TMT Security Survey Methodology

Deloitte surveyed chief information security officers, chief security officers and other members of the security management team at 150 companies in 30 countries. Forty-two (42) percent were in the Telecommunications industry; 34 percent were in the Technology industry; and 24 percent were in the Media industry. Sixty (60) percent of the companies are headquartered in Europe, Middle East and Africa; 24 percent are based in the U.S; and 16 percent are based in Asia-Pacific. The survey was conducted during the first quarter of 2006.

About Deloitte’s Security & Privacy Services

Deloitte member firm Security and Privacy Services professionals are positioned to design, develop and implement industry-leading information security solutions for businesses. Deloitte member firm services include security management, vulnerability management, identity management, application & data security, privacy & confidentiality and business continuity Management. Deloitte member firms offer knowledge and experience combined with national coverage and global reach. Combined member firm resources include over 600 Certified Information Systems Security Professionals (CISSPs) and access to technology solution sets developed through various long standing Deloitte Touche Tohmatsu and Deloitte member firm vendor alliances.
Attachments
MR TMT Sec Survey July 24 (54 KB)
Press releases
Protecting the digital assets (440 KB)
Deloitte survey

Contact us for more information about this topic.
 
Page Last Updated: 14 April 2007
Source: Deloitte Touche Tohmatsu - Australia (English)

Print This Page    Email To A Colleague
  Security | Legal | Privacy    

© 2008 Deloitte Touche Tohmatsu. All rights reserved.

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity.  Please see www.deloitte.com/au/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.

Liability limited by a scheme approved under Professional Standards Legislation.

Podcasts | RSS feeds