• Great articles on other sites
  • RSS Great articles on other sites

  • Renai's other site: Sci-fi + fantasy book news and reviews
  • RSS Renai LeMay

  • Enterprise IT, News - Written by on Wednesday, February 29, 2012 11:44 - 0 Comments

    Hacks focus CIOs on IT security

    news After the spate of high-profile hacking incidents in 2011, Australian CIOs and IT and security managers are taking no chances this year. According to new research by local analyst firm Telsyte, Australian enterprises will increase their security spending and change their information security strategies in 2012.

    Telsyte said that it surveyed more than 320 senior IT executives on their information security priorities, spending intentions, and products and services usage as part of the Telsyte Australian CIO information security priorities study 2012, which the company claims is one of the largest local market research studies of its type.

    The study indicated that nearly a quarter of Australian enterprises plan to change their security strategies as a result of the events of 2011. It said that an increased awareness of security among the board and senior management members represented the most significant strategic shift. There is also going to be more focus now on operating system security, backups and disaster recovery.

    According to Telsyte senior analyst Rodney Gedda, for many Australian CIOs and security engineers, the untoward events of 2011 have turned into a blessing. “Security is often viewed by senior management as an unwanted operating expense, but when the company’s reputation and revenue is exposed, as demonstrated so flagrantly last year, security becomes more strategic,” said Gedda.

    Going by Telsyte’s research, security spending is also on the up with 29 per cent of organisations planning to increase their budget in 2012.

    “With security spending on the up this year, CIOs are looking to engage with numerous providers to defend their organisations against increasingly multi-faceted threats,” said Gedda. The top security priorities for CIOs is stopping malware and preventing external attacks, but there is an increasing amount of concern around the threat that mobile devices like smartphones and media tablets pose, as well as cloud computing. The study pointed out that approximately 20 per cent of CIOs rate mobile and cloud security as a critical priority and around one-third rate them as very important.

    “While mobile and cloud security are still relatively low on the security priority list for CIOs, these will become an increasing priority, particularly if there are high-profile incidents relating to these two trends,” said Gedda. He added, “A significant percentage of organisations have experienced at least one information security breach over the past 12 months, indicating threats are very real and require constant defence. Mobile security incidents outnumber cloud data breaches, but with the events of 2011 looking to continue this year CIOs need to be prepared for a high-profile security incident outside their organisation’s borders.”

    It’s all very nice to say that CIOs are increasing spending on security, but what does this really mean? IT security vendors have known for a very long time that the desktop PC security market — where most of the threats come into organisations — has been commoditised. Virtually every large organisation has a comprehensive anti-virus/anti-malware ‘kitchen sink’-style suite installed on their employees’ desktop PCs and has had for years.

    The same is often true of server environments. Firewalls, server-side email anti-spam/anti-malware suites, server protection tools, off-site backup and disaster recovery … much of this has been in place for years. And physical building security is pretty well understood.

    One area which I would think organisations would need to look more closely at would be more discrete data protection. That is, not just throwing a security blanket over an organisation’s entire data set, but looking at what sets of data are critical to the organisation and need to be protected with higher levels. Any data used by the top levels of executive management, for starters: You don’t want the CEO’s email or the CFO’s spreadsheets being stolen. Customer database, secret product development initiatives; this kind of stuff.

    Anything that’s going to provide the organisation with a sustainable market advantage, or threaten ongoing operations, probably needs a higher level of protection than run of the mill information.

    I would also bet that some organisations are starting to invest, finally, in data encryption. For the longest time, corporate data has been firewalled off and scanned for malware; but it hasn’t been encrypted. But mass corporate encryption, with the tools to do so centrally administered, could do a lot for data leakage. Even if you can steal the data, it won’t mean much if it’s scrambled.

    Opinion/analysis by Renai LeMay

    Print Friendly

    Comments are closed.

  • Get our weekly newsletter

    All our stories, just one email a week.

    Email address:

    Follow us on social media

    Use your RSS reader to subscribe to our articles feed or to our comments feed.

  • Most Popular Content

  • Enterprise IT stories

    • Legacy health software lands SA Govt in court doctor

      In which the South Australian Government comes up with complex legal arguments as to why it should be able to continue to use a 1980’s software package.

    • Microsoft wants to win you back with Windows 10 windows-10

      The latest version of Microsoft’s Windows operating system will begin rolling out from Wednesday (July 29). And remarkably, Windows 10 will be offered as a free upgrade to those users who already have Windows 7 and 8.1 installed.

    • Qld Govt Depts have no disaster recovery plan brisvegas2

      Two sizable Queensland Government departments have no central disaster recovery plan, the state’s Auditor-General has found, despite the region’s ongoing struggles with extreme weather conditions that have previously knocked out telecommunications and data centre infrastructure.

    • ASD releases Windows 8 hardening guide windows-8-1

      The Australian Signals Directorate appears to have released a guide to hardening Microsoft’s Windows 8 operating system, three years after the software was released for use by corporate customers, and as Microsoft is slated to release its next upgrade, Windows 10.

    • ASG picks up $35m CIMIC IT services deal money

      Perth-headquartered IT services group ASG this week revealed it had picked up a deal worth at least $35 million over five years with CIMIC Group — the massive construction and contracting group previously known as Leighton Holdings.

  • Blog, Policy + Politics - Jul 31, 2015 12:43 - 0 Comments

    Google ploughs $1m into Australian tech education

    More In Policy + Politics

    Blog, Enterprise IT - Jul 31, 2015 14:16 - 1 Comment

    Legacy health software lands SA Govt in court

    More In Enterprise IT

    Industry, News - Jul 28, 2015 12:37 - 0 Comments

    ICAC to investigate NSW TAFE ICT manager

    More In Industry

    Consumer Tech, News - Jul 29, 2015 17:14 - 11 Comments

    Telstra integrates Netflix, Stan, Presto into re-badged Roku box

    More In Consumer Tech