A Reality Check On Information Security


We’ve all heard the stories of hacked websites and the loss of irreplaceable data and proprietary information.

No business is immune to security breaches, even with advanced technology, smart software and a diligent IT staff, according to Mark Lobel, principal at PricewaterhouseCoopers (PwC), which recently released a telling report on information security titled 2012 Global State of Information Security.

The study surveyed 9,615 executives and revealed a reality check about how companies, both large and small, view their information security strategies.

Here are some of the key findings:

  • 48 percent of respondents say their organization has an information strategy in place and is proactively executing it
  • 75 percent say they are confident that their organization’s information security is effective
  • Telcos have made significant gains in strengthening their technology safeguards to protect data from potential breaches and cyber crime
  • 80 percent of respondents can now provide specific information about security frequency, type and source, and are reporting that financial losses due to security breaches are down 28 percent over last year
  • 60 percent believe security spending will increase.

However, on the flip side, the report also shows another trend in the business community, including small businesses.

“In the field, there is a lack of understanding on the nature and type of attacks. Just 34 percent have a security strategy for social media, and 45 percent for mobile devices. You would think having a strategy for those would be important,” said Mark Lobel, principal at PwC.

Spending cuts on security were also in the mix, at least for this year, the report found.

For example, 56 percent of companies said they have deferred security capital expenditures in 2011, while 58 percent have reduced capital expense.

“The key question is: are you spending on the right things and are they effective? It’s a constant cat and mouse game to eliminate new breaches, which is impossible. So, you must invest in the next best security things, and executives must understand it’s a constantly evolving area that needs investment,” Lobel maintains.

And just where should those investments go?

Said Lobel: “Four things lead to effective information security: A sound strategy, a senior person communicating that strategy to the CEO or President, testing and monitoring. There must be planning and patience to keep up with the criminal eco-system, which is now larger and more complex on a global level.”

PwC recommends businesses include five key components to their security strategies:

  1. Have a documented security strategy that addresses key business and technology risks
  2. Have a security executive who reports to the top of the organization
  3. Put monitoring controls in place, such as data leak prevention tools and intrusion detection tools, and monitor them regularly
  4. Train all employees on their security responsibilities and good practices
  5. Test your security controls regularly to confirm they are effective.

Windstream is keeping up with the security needs of businesses and offers managed network security services, a crucial component to businesses as they move into cloud services.

For example, its suite of security features includes anti-virus protection, 24/7 monitoring by Windstream’s network operations center, security log storage, weekly security reporting, flexible delivery methods (CPE or cloud-based), Web content filtering and more.

It’s probably time for businesses to re-evaluate their security strategies, particularly when transitioning to the cloud.

Craig Kuhl is a well-known writer and speaker on the telecom, Internet, and small business segments.  He serves as Contributing Editor of CED Magazine, The Premier Magazine for Broadband Technology.  He also serves as Telecom Advisor to Small Business Resources.