Whether someone is protecting an individual, a location or cyber space, they will tell you there’s no such thing as total security if they are a true professional. This is especially true when talking about the Web today, a place in which a perpetrator or perpetrators can be anywhere in the world in search of vulnerabilities in your system. The evidence of this statement can be validated by recent revelations large corporations, organizations and even governments have made regarding the security breaches they have experienced. The 2013 study by TELUS (News - Alert) and Rotman School of Management is the fifth yearly one of its kind that looks into the real security threats facing the people in charge of protecting digital assets in Canada.
Although the study was conducted in Canada, this information applies to any country around the world. In fact, the IT security managers in Canada “were forced to assume implicitly that the risk landscape in Canada was the same as that of other countries.” The statement from the study makes it clear there are no borders when it comes to cyber crimes and those that commit these crimes.
One of the biggest concerns security managers face nowadays is the speed in which new technology is being adopted by organizations. While these technologies can make any organization more efficient and introduce cost cutting measures, the impact on security is undeniable. Bring your own device (BYOD), cloud computing and social networking are all technologies companies are eager to adopt, but if the right security protocols are not implemented without question the organization will be exposed.
Researchers reveal, “We aren’t in control of mobile devices being used by our employees. If you don’t put in certain logical controls, they’re just going to do it anyway. The pervasiveness of the digital connected community is so entrenched now that IT organizations are going to have a real hard time grappling with how to control their information.”
During a roundtable discussion and interviews with experts, four key security-related concerns were uncovered including:
- Has my organization been breached, and I don't know about it?
- How will a breach affect my brand?
- What are my employees doing with corporate data?
- How do I retain my security resources?
Whether you are a security expert or not, these are the types of questions that will keep anyone who has a vested interest in the organization wide awake at night. When these four concerns were addressed in the TELUS and Rotman study, the prevailing message revealed was that there is a pervasive sense of vulnerability and people are the weakest link.
The security experts offered five recommendations to help organizations balance the integration of new technology and the need to protect the assets of the organization. They are:
- Don't assume you haven't been breached
- Security diligence must be ongoing
- Compliance is not the same as security
- Organizations should work to be "yes" organizations
- Awareness training is key
Edited by Jamie Epstein