CIOs will increase their security spending in 2012 following the series of hack attacks that occurred in 2011, according to new research by analyst firm Telsyte.
The study, Australian CIO information security priorities, surveyed more than 320 Australian CIOs, IT and security managers, and found that around 29 per cent of organisations will increase their security budgets by more than 10 per cent in 2012.
According to Telsyte senior analyst, Rodney Gedda, board and senior management will be more likely to support and back security projects, which had previously been viewed as an “unwanted operating expense”.
Gedda also pointed out in the research that a “significant percentage” of organisations had experienced at least one security breach in the past 12 months, which contributed to the increased security awareness among senior staff as well.
“According to the results, the threats are very real and it’s not just a case of a small percentage of organisations that have experienced a security breach, it’s a question of quite a lot of them,” Gedda told CIO Australia.
For 20 per cent of CIOs, Cloud and mobile security topped the priority list, as both are most vulnerable to malware and external hacks.
According to Telsyte’s Digital Nation 2012 book, the increased risk to data security is fuelled by the prediction that 8.8 million Australians will use smartphones and 2.54 million will use tablets by 2012, which shows no signs of abating with the rise of bring-your-own-device (BYOD) in the enterprise.
Hence, CIOs must find a way to manage and control the growing number of mobile devices in their organisations to minimise the risk of a security breach.
“There’s more of a beachhead or an attack vector for data to be lost with a mobile device, like bring your own device [BYOD], and the priority of data loss, leak prevention is very high,” Gedda said.
“CIOs need to investigate methods for preventing what they classify as being important data.
“Work data might be emails, might be documents, could be passwords, things like that, compared to personal data, which might be social media accounts and photos on the same device. So, it’s definitely a growing area of concern.
“Also, people like CIOs and CEOs and other senior management want to use them as part of the network as well, so it’s no longer a case where CIOs can mandate a particular kind of device and everyone has to use that.
“Now, it’s a case where people at the same level or even higher than the CIO are wanting to use personal devices in the work place, so CIOs need to be conscious of what goes on those devices and how they can be securely partitioned from work data and personal data.”
CIOs should start by focussing on perimeter security and fortifying their security systems with up-to-date software, as some attacks were found to be software-related; investing in more advanced network security equipment, such as firewalls and intrusion prevention systems; or using the padding to vet content before it even comes in.
In addition, Gedda advised CIOs to back up their data and have in place a data recovery plan as the last line of defence in the event their security systems are broken into.
“If you’ve got backups and disaster recovery, you can at the very least have some sort of confidence that your data will be safe because once the system has been compromised, a hacker could do whatever they want with the data,” Gedda said.
Follow Diana Nguyen on Twitter: @diananguyen9