Tech, Media, Telco Companies Stink At Security

Thursday, February 7, 2008 by Mistlee

David A. Utter

Tech, Media, Telco Companies Stink At Security

Woeful preparedness for security breaches and a reactive mindset prevail among industries that collectively should really know better.

The Deloitte survey of technology, media, and telecommunication companies around the world found a distressing mix of overconfidence and underpreparedness for disaster.

And here you thought it was just the New England Patriots showing those tendencies in the Super Bowl.

In the survey, Deloitte found 46 percent of companies did not have any formal information security strategy in place. Yet nearly 70 percent felt very or extremely confident about being ready for external security challenges.

One would think the epic breaches at TJX or CardSystem Solutions would have dispelled overconfident thinking over the past couple of years. Obviously those fiascoes have not made the impact we expected.

Deloitte cited the challenge of end-to-end security as an ongoing issue. Securing the server room at corporate HQ is not enough. Allowances for securing remote workers, and ensuring integrity of information tapped by external business partners, have to be considered.

"The technology, media & entertainment and telecommunications industries are still in a reactive mode when it comes to their approach to security," Rena Mears, Deloitte global and U.S. privacy and data protection leader, said in a statement.

"A prerequisite for effective information security is the implementation of a proactive information security strategy that is closely linked to the company's overall business strategy, business requirements, and key business drivers."

Deloitte suggested one angle companies could take. Through the use of physical access control devices, like swipe cards or RFID chips, the business could protect information assets. A person trying to login to a system in an office as someone else, but without the other person's physical security device, could be stopped from gaining access to the system.

However, Deloitte sees a little opportunity for optimism in 2008. More companies in the tech, media, and telco fields should have dedicated chief information security officers overseeing security and governance issues.

SecurityProNews About Us News Archives Feedback