2010 Global Financial Services Security Survey
The new decade marks a turning point for those of us in the information security industry. We now live in an age of cyber warfare. The environment is dangerous and sinister. The children who used to make mischief in their basements are now only bit players and rarely make the news anymore. They have been superseded by organized crime, governments and individuals who make computer fraud their full-time business, either for monetary gain or for competitive or technological advantage. Countries now accuse each other of cyber warfare. Every network of substantial size has been compromised in some way. Governments are appointing senior military brass to focus on cyber warfare. The stakes have never been higher and the battle is being fought in every corner of the world. It’s all out there: botnets, zombie networks, Trojans, malware, spam, phishing, much of it now so sophisticated even the most wary of us can be tricked.
We talk a lot about the increasing sophistication of threats. Now we have something else to deal with as well: the decreasing level of competence required to pose a threat. Consider Mariposa, the botnet that originated in Spain and infected millions of computers. The perpetrators had “limited computer skills” and they didn’t write their own brilliant computer program they simply downloaded what they needed from the internet. A new reality is the increasing availability of tools on the internet, allowing those with less knowhow to get in on the cyber crime act.
This year’s security study responses support the reality that a turning point in the industry has arrived:
For the first time, organizations are proactive, embracing new technologies as “early majority adopters”, no longer content, as “late majority adopters”, to simply be reactive.
For the first time, the lowest percentage of respondents (36%) stated that “lack of sufficient budget”, is the major barrier to ensuring information security, compared to 56% last year. During the worst economic downturn in recent memory when so many budgets are being cut, information security budgets are safe for the most part and many have increased.
For the first time, information security compliance (internal/external audit) remediation is a top-five security initiative as organizations gear up for increased regulation and legislation.
For the first time, more than half of organizations state that physical information, such as paper, is within the mandate and scope of the executive responsible for information security. The response (59%) is still too low - and indicates a security gap but, in our opinion, it is moving in the right direction.
This is the seventh year of our survey. We’ve been discussing change for years. Now it’s here. It will take all our smarts, all our knowledge and all our expertise to wage and win the cyber war. It will be challenging and exciting but there will be progress on many fronts. In our view, there is no better time than the present decade to be part of the information security industry.