Deloitte study: Information security spend on the rebound

Following last year's widespread cost-cutting initiatives due to the global economic downturn, technology, media and telecommunications (TMT) organizations are starting to re-invest in information security.

"At a time when almost half (46%) of TMT organizations believe inadequate security budgets are the biggest barrier to information security, we are pleased to see many TMT organizations around the world increase their investment in information security in anticipation of an economic recovery," explains Fadi Sidani, partner in charge for Enterprise Risk Services (ERS) at Deloitte in the Middle East.

Cyber crime a serious global concern and major barrier to ensuring information security
More than one-third (37%) of organizations surveyed said the increasing sophistication of threats is the second largest major barrier to ensuring effective information security.

"The problem is no longer about computer savvy individuals trying to hack into IT systems. The growing professionalization of cyber criminals and cyber terrorists has led many governments to appoint national cyber coordinators to protect themselves against cyber warfare," explains Tariq Ajmal, partner in charge of Technology Services at Deloitte in the Middle East.

"These coordinators are identifying TMT organizations as both high profile targets for cyber criminals, but also (as their technology and their networks are hijacked) as unwilling enablers of cyber crime and cyber warfare." explains Ajmal.

More than half of TMT organizations have experienced a security breach in 2010
Since TMT organizations are increasingly creating and distributing content digitally, new opportunities for piracy, cheating and abuse abound.

The study shows that half of TMT organizations have experienced at least one security breach in 2010, and 26% of TMT organizations experienced repeated attacks by malicious software from outside the organization.

Online games and gambling are extremely vulnerable to security attacks since manipulating and cheating can easily occur. In addition, online advertisers are being defrauded by click-farms: groups of people paid to click on ads. As a result, ad costs per click are on the rise.

Cloud computing to change delivery of IT services if security and privacy issues resolved
"Despite the lack of testing and verification, only one-third (30%) of TMT organizations have a 'high confidence' in their third parties" says Sidani. This is a problem for cloud computing as organizations implicitly rely on third parties to provide infrastructure, applications and data hosting out of the cloud.

"If security and privacy issues can be resolved, we expect cloud computing to become the standard in enterprise software," explains Sidani.

Identity and access management among top information security initiatives for 2010
TMT organizations indicated that identity and access management were among their top three most important information security initiatives for 2010— up from number seven last year.

Now that the mergers and acquisitions (M&A) market has started to recover, information security practices are being factored into the market valuation of TMT organizations.

Since most acquisitions include the entire IT environment, an acquired company's IT systems will likely need to be improved and integrated to reach the same level of security, privacy and continuity as the company purchasing it.

Organizations divesting parts of their business also need to prevent employees from the divested business from accessing company systems and data. "Over one-third (35%) of organizations reported excessive access rights as the major finding during internal and external security audits," concludes Ajmal.