Symantec Corp has announced the India findings of its 2011 State of Security
Survey Report, which explored the state of cybersecurity in organizations of
all sizes. The survey found that Indian organizations are focusing their efforts
on mitigating business risks posed by cloud, mobile and social computing, along
with targeted attacks, which are making security more difficult. In fact, over
half the respondents revealed that cybersecurity is more important today than
it was a year ago.
“Today, critical information assets are dispersed across the cloud, smart
devices and social media, bringing new challenges in security,” said Shantanu
Ghosh, VP and MD, India Product Operations, Symantec. “As Indian organizations
realize the importance of a holistic strategy in minimizing the business impact
of cybersecurity issues, they are better positioned to protect themselves against
security-related revenue, data and brand losses.”
New computing models bring their own security challenges
In a reflection of the concerns that prevail around cloud computing, 62 per
cent of Indian businesses agreed that private cloud computing makes security
more difficult, and 62 per cent also indicated the same for public software-as-a-service.
Enterprises that are embracing mobile and social computing at the workplace
are also facing challenges. Fifty eight per cent of Indian respondents feel
that mobile computing is increasing the difficulty of providing cybersecurity,
and 53 per cent face a similar challenge with social media. These new technologies,
if not appropriately addressed in the security strategy of an organization,
can also increase the insider threat to data. Fifty-one per cent of respondents
see the well-meaning insider as a somewhat/extremely significant threat, and
52 per cent consider malicious insiders as a somewhat/extremely significant
threat.
Attackers continue to target Indian businesses
Nearly three-fourths of Indian respondents – across sectors such as education,
IT, manufacturing, government and financial services – experienced cyber
attacks recently, with 72% indicating that they had witnessed attacks in the
past 12 months. Hacking, targeted attacks and industrial espionage are perceived
as threats, with one in two organizations experiencing targeted attacks. Further,
92% of victim organizations experienced losses due to cyber attacks, with these
losses translating into actual costs for 94%. While 37% of respondents experienced
downtime, 31% faced loss of customer personally identifiable information and
28% lost intellectual property.
However, victims valued the revenue lost due to cyber attacks
at Rs 41.3 lakh, a 40% reduction over the previous year. Respondents also valued
the cost of regulatory fines at Rs. 26.4 lakh on average and the loss of brand
reputation at Rs. 33 lakh.
Indian businesses proactive in security approach
The reduced cost of cyber attacks can be attributed to the increased focus on
cybersecurity, which over half the respondents said is more important now than
it was a year ago. Over 53% are planning significant changes to enterprise security
in the next 12 months, primarily in the areas of risk management, endpoint security
and web security. Businesses are also addressing the challenges posed by new
computing models by allocating additional resources in terms of budget and manpower.
Fifty four per cent are increasing their budgets for private cloud security
and 53 per cent are planning the same for public cloud security initiatives.
Similarly, businesses are also looking at manpower capacity growth for private
cloud security (58 per cent) and public cloud security (62 per cent).
Recommendations
- Organizations need to develop and enforce IT policies. By prioritizing risks and defining policies that span across all locations, businesses can enforce policies through built-in automation and workflow.
- Businesses need to protect information proactively by taking an information-centric approach to protect both information and interactions. Taking a content-aware approach to protecting information is key in identifying and classifying confidential, sensitive information, knowing where it resides, who has access to it, and how it is coming in or leaving your organization. Proactively encrypting endpoints will also help organizations minimize the consequences associated with lost devices.
- To help control access, IT administrators need to validate and protect the identities of users, sites and devices throughout their organizations.
- Organizations need to manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.
- IT administrators need to protect their infrastructure by securing all of their endpoints – including the growing number of mobile devices – along with messaging and Web environments. Defending critical internal servers and implementing the ability to back up and recover data should also be priorities.
Tags:
computer
information
0 reactions:
Post a Comment