CIOs to ramp up IT security in 2012: Telsyte

Follows the string of high-profile hacks in 2011

CIOs will increase their security spending in 2012 following the series of hack attacks that occurred in 2011, according to new research by analyst firm Telsyte.

The study, Australian CIO information security priorities, surveyed more than 320 Australian CIOs, IT and security managers, and found that around 29 per cent of organisations will increase their security budgets by more than 10 per cent in 2012.

According to Telsyte senior analyst, Rodney Gedda, board and senior management will be more likely to support and back security projects, which had previously been viewed as an “unwanted operating expense”.

Gedda attributed this shift to the string of high-profile hack attacks in 2011, such as the Sony PlayStation security breach and RSA SecurID token attack.

Gedda also pointed out in the research that a “significant percentage” of organisations had experienced at least one security breach in the past 12 months, which contributed to the increased security awareness among senior staff as well.

“According to the results, the threats are very real and it’s not just a case of a small percentage of organisations that have experienced a security breach, it’s a question of quite a lot of them,” Gedda told CIO Australia.

For 20 per cent of CIOs, Cloud and mobile security topped the priority list, as both are most vulnerable to malware and external hacks.

According to Telsyte’s Digital Nation 2012 book, the increased risk to data security is fuelled by the prediction that 8.8 million Australians will use smartphones and 2.54 million will use tablets by 2012, a trend that shows no signs of abating with the rise of bring-your-own-device (BYOD) in the enterprise.

Hence, CIOs must find a way to manage and control the growing prevalence and myriad of mobile devices in their organisations to minimise the risks of a security breach.

“There’s more of a beachhead or an attack vector for data to be lost with a mobile device, like bring your own device [BYOD], and the priority of data loss, leak prevention is very high,” Gedda said.

“CIOs need to investigate methods for preventing what they classify as being important data.

“Work data might be emails, might be documents, could be passwords, things like that, compared to personal data, which might be social media accounts and photos on the same device. So, it’s definitely a growing area of concern.

“Also, people like CIOs and CEOs and other senior management want to use them as part of the network as well, so it’s no longer a case where CIOs can mandate a particular kind of device and everyone has to use that.

“Now, it’s a case where people at the same level or even higher than the CIO are wanting to use personal devices in the work place, so CIOs need to be conscious of what goes on those devices and how they can be securely partitioned from work data and personal data.”

CIOs should start by focussing on perimeter security and fortifying their security systems with up-to-date software, as some attacks were found to be software-related; investing in more advanced network security equipment, such as firewalls and intrusion prevention systems; or using the padding to vet content before it even comes in.

In addition, Gedda advised CIOs to back up their data and have in place a data recovery plan as the last line of defence in the event their security systems are broken into.

“If you’ve got backups and disaster recovery, you can at the very least have some sort of confidence that your data will be safe because once the system has been compromised, a hacker could do whatever they want with the data,” Gedda said.

Follow Diana Nguyen on Twitter: @diananguyen9

Follow CIO Australia on Twitter: @CIO_Australia
