While pressured to adopt new mobile technologies and implement access to social media, 83 per cent of Canadian companies are concerned with heightened tech risks, according to a new report from Ernst & Young.
And 63 per cent reported that they don't have sufficient budget to appropriately secure their IT infrastructure, found the 2011 Global Information Security Survey.
"The introduction of smartphones and tablets in the working environment has extended the virtual boundaries of the enterprise, blurring the lines between home and the office. Constant access to email and sensitive corporate data from anywhere, anytime may improve productivity, but also increases security risks,” said Gaétan Houle, associate partner and national leader for IT security advisory services at Ernst & Young.
While 62 per cent of survey respondents plan to increase their information security budgets in the next 12 months, only 37 per cent will spend more on security monitoring.
"This is a bit concerning," said Houle. "The introduction of personal smartphones and tablets, combined with the increasing demand for access to social media has opened up several new attack vectors for advanced persistent threats (APTs), which are a well-resourced, highly capable and relentless class of hackers."
APTs are successful because they developed the capability to bypass traditional security defences, which makes it extremely difficult for companies to discover the intrusion and develop appropriate solutions to address the threat, said Ernst & Young.
"This is mainly why security monitoring should be given a higher priority. Given the rapid evolution of APTs, most companies would probably be better off outsourcing the monitoring of their Internet traffic to the pros," said Houle.
Executives also have social media on their radar. Most respondents (72 per cent) said external malicious attacks were their top risk, with nearly 40 per cent of companies rating social media-related risks as challenging. This is not surprising as we see an increasing number of attacks that draw information from social media to use in more effective phishing emails, said Houle.
To help address potential risks posed by social media, organizations seem to be adopting a hard line response. Just over one-half (53 per cent) have responded by blocking access to sites. This response, while perhaps addressing external threats, does not completely deal with the widespread global personal adoption of social media usage and benefits that their integration into business may generate, said Houle.
“In fact, the lack of an integrated information security policy for both access to and use of social media may prevent companies from keeping pace with competitors and may be creating a sense of mistrust with employees.”
Companies should embrace the full advantages of social media and, from a prevention perspective, develop a policy that explicitly addresses external social media and educates users about the potential damage to the organization's brand, according to Ernst & Young.
© Copyright Canadian HR Reporter, HAB Press. All rights reserved.