More Than Half of Tech Companies Report Security Breaches
June 26, 2006 Timothy Prickett Morgan
High tech companies often talk a good game when it comes to security, but apparently the fact that they are heavily dependent on digital information and connectivity to the outside world means that they are susceptible to security breaches. And they are not doing a very good job protecting themselves.
According to a report called Protecting the Digital Assets, which is based on surveys done by Deloitte Touche Tohmatsu of 150 companies in the technology, media, and telecommunications industries–so-called TMT firms–more than half of the firms said that they had security breaches of their systems within the prior 12 months.
“When it comes to security, TMT companies are talking the talk but not yet walking the walk,” according to Brian Geffert, principal of Deloitte Security and Privacy Services, a unit of Deloitte Touche Tohmatsu. “Survey respondents say that security is a top concern, but it is still not being addressed across the organization from a risk-based perspective, despite recent breaches costing million of dollars of damage and inestimable harm to companies’ reputations, brands, revenue and productivity. In fact, more than half of security executives surveyed admit that their security investments are falling behind the threats or at best just catching up.”
Geffert says that these digitally intense companies are still looking at security from the server and network perspective–with firewalls, antivirus, spam filtering, and encrypted virtual private networks being the norm. But people are storing sensitive information in laptops, PDAs, thumb drives, and iPods, and companies are not deploying systems that track information and how it flows around. Those surveyed said that they considered phishing to be a major threat, but only a quarter of the companies surveyed have implemented or begun piloting anti-phishing technologies. Only 37 percent of the companies polled had provided security training to employees in the prior year, and fewer than a quarter said that the security tools they have are being used effectively. Media companies in particular are freaked out. Consider that an estimated 70 percent of the movies released illegally onto file sharing networks were done by inside employees at the company.
Deloitte Touche Tohmatsu did a similar survey of other industries, and the results will not make you feel very comfortable. If more than half the TMT companies reported breaches–about half were internal and half external–a whopping 78 percent of financial institutions reported a security breach in their systems in the prior year from the outside, up from 25 percent in the survey done in early 2005. About 49 percent of financial firms had a breach from the inside, up from 35 percent in the year-ago survey. (This is, after all, where money is stored, so you would expect more attempts to hack into systems.) About a quarter of life sciences and healthcare companies reported a breach in the prior year.