In a comprehensive look at the state of IT
security among the top 500 global financial institutions, chief
security officers (CSO) and chief information security officers
(CISO) said more attacks are committed by external sources and not
company insiders, according to a new study released today by Deloitte
& Touche LLP. Additionally, financial organisations made significant
investments toward improving their IT security, despite current
economic and budget constraints.
Thirty-nine percent of respondents had experienced a security breach within the past year. Those respondents said that only 10 percent of the attacks originated internally, contradicting a common belief that the vast majority of cyber crime originates from within the organisation rather than from an external attacker.
Overall, global financial institutions have
implemented a variety of information security practices and technologies,
maintained or increased security budgets and boosted IT security
staffing levels despite the worldwide economic downturn, according
to the study. For example, 80 percent of respondents have a formal
information security strategy in place. Moreover, 61 percent of
organisations either have a CSO or CISO.
Strong regional differences in attitudes toward
security also surfaced in the results.
* US respondents reported the highest implementation levels of all regions for every security measure except the adoption of security and privacy standards and the use of biometrics and public key infrastructure (PKI). CISOs and CSOs in the US also have the broadest scope of security coverage, with the exception of the compliance function, where the Europe, the Middle East and Africa (EMEA) region reported the highest coverage. US respondents were early technology adopters and characterise the level of risk their organisations strive to achieve as "effective and efficient." Finally, respondents from the US showed the highest levels of business continuity/disaster response development, maintenance and testing, which is not surprising considering the events of September 11th.
* Canadian respondents were driven by the activities of their competitors. While rating themselves as highly as US respondents on the use of security tools, the adoption of new technologies, and the performance of ethical hacking and penetration testing, Canadians had the least deployment of biometrics and the lowest rate of security standards adoption of all regions. Canadians were relatively less concerned about the availability of qualified security resources, budgets and the increased sophistication of threats.
* Respondents from organisations in Europe, the Middle East and Africa (EMEA) were motivated by fear of exposure and the demand for compliance with differing laws and regulations, but made the least use of ethical hacking and network penetration testing. They classify themselves as "effective users of demonstrated technologies" and are ahead of the pack when it comes to policy setting, security standards, privacy, use of PKI, biometrics and security expenditure. Compared to the US, EMEA respondents had the lowest levels of business continuity/disaster response planning and testing.
* Respondents from Asia Pacific were not risk-takers
and were relatively late adopters of security technologies, except
for directory services, wireless security and smart cards. They
had the highest levels of concern regarding increasingly sophisticated
threats, but also reported the least amount of concern about the
interoperability of different products.
* Latin America respondents, who characterised
themselves as "fast followers," reported the least deployment
of incident response systems, the least deployment of ethical hacking
and testing techniques and the lowest level of security for third-party
access technologies. However, Latin American organisations had the
highest adoption rate for biometrics of all the regions.
OTHER FINDINGS:
* 5 percent of respondents were "extremely confident"
about how well their organisation's systems are protected from internal
attacks.
* 40 percent of respondents have a chief privacy officer on board,
and only 6 percent intend to appoint one in the next two years.
* 43 percent of respondents reported feeling "very confident"
that their organisation's back-ups would work or are being stored
off-site safely.
* Security typically accounts for between 6 and 8 percent of an organisation's overall IT budget.
* More than two-thirds of all respondents reported that general
management perceives IT security as a "necessary cost of doing
business" rather than a discretionary expense.
www.deloitte.com/us/security
www.deloitte.com/us/risk
