Security Threats Go Global

As technology permeates every functional area of a business and more company staff assumes the role of a knowledge worker, organizations across the globe must contend with new security threats and vulnerabilities. CompTIA’s 9^th Annual Information Security Trends finds that like in the United States, information security is the top strategic priority in Brazil, India, Japan, South Africa and the United Kingdom.

Professionals responsible for information security in these countries also expect IT budgets to increase in 2012. Data from Gartner notes that worldwide security services spending has increased and will continue to increase across all regions.

Our data finds that a very high proportion of companies have experienced breaches and a high proportion of these incidents were classified as serious. Much like in the United States, this issue is compounded by the fact that companies believe that they might have experienced undetected breaches of vulnerabilities (Brazil-99%, India -80%, Japan-61%, South Africa -63%, UK -72% have definitely or probably experienced an undetected breach).

There is also the perception that the threat level is rising, but despite these concerns, organizations are mostly confident in their abilities to deal with these threats. Executives responsible for security believe that the human element is responsible for most breaches and is more of a factor today when compared to two years ago. The failure of end-users to follow procedures and carelessness are cited as the main reasons for this increase in all countries except Brazil where these factors are second-tier reasons.

Across all countries, the most serious concerns were related to malware, hacking and data loss. With organizations worldwide producing more data than ever before, the threat of loss and leakage has increased as well.

The proportion of companies who say they’ve likely experienced data loss/leakage range from 92% in Brazil to 28% in Japan. Among those experiencing a loss, sensitive corporate financial data was cited at the highest rate in all countries except Brazil where the top spot went to corporate intellectual property. Data in motion (e.g. unencrypted email) generated the greatest concern, followed by data at rest in most countries.  The primary prescription to combat data loss is to reinforce company policies on device safety and the sharing of proprietary information.

The common thread across all countries surveyed in this study is that regardless of how the information security landscape changes, the human factor remains the one constant.  Our data found that a significant proportion of companies believe that they are understaffed and there is room for improvement on staff expertise on security issues. Formal training/education is seen as critical to improving staff capabilities.

Across countries surveyed in the 9^th Annual Information Security Trends study, organizations view certified staff as an integral part of their security apparatus. The validation provided by certification is evident by the high level of agreement to certified staff being more valuable to the organization, having proven expertise and the belief that the organization is more secure because of the presence of certified staff. As expected, there is a correlation between organizations that have a formal policy toward the use of certification and the value assigned to certifications.

For more country-by-country comparisons on the state of the security landscape, emerging trends and the response to security threats, check out CompTIA’s 9^th Annual Information Security Trends study that is available to CompTIA members at no additional cost.