"When it comes to security, TMT companies are talking the talk but not yet walking the walk," said Brian Geffert, principal of Deloitte Security and Privacy Services, Deloitte & Touche LLP. "Survey respondents say that security is a top concern, but it is still not being addressed across the organization from a risk-based perspective, despite recent breaches costing million of dollars of damage and inestimable harm to companies' reputations, brands, revenue and productivity. In fact, more than half of security executives surveyed admit that their security investments are falling behind the threats or at best just catching up."
TMT companies revolve around digital information and technology, which are inherently vulnerable to corruption, piracy, attack and theft. Telecommunications operators are the gateway into the digital home and office, and media companies are increasingly creating and distributing content digitally. According to the survey, the frequency, magnitude and sophistication of breaches are growing.
Ironically, most TMT companies have not kept up with advances in technology when it comes to security, and few are spending what's needed. The majority of TMT companies surveyed consider themselves "reactive" when it comes to investing in information security, and only 4 percent believe they are doing enough to address the problem.
Security is still viewed from the perspective of server and network, where firewalls, anti-virus applications, spam-filtering and virtual private networks are enough," says Geffert. "With the increased use of personal storage devices and PDAs, security needs to be viewed from an end-to-end data lifecycle perspective, to protect data as it travels throughout the organization and sometimes throughout the world."
Additional findings included:
- While phishing is considered to be a major threat to TMT companies, only 25 percent of those surveyed currently have implemented or are piloting anti-phishing technologies.
- Only 37 percent provided security training to employees in the last 12 months.
- Less than one quarter (24 percent) believe the security tools they have deployed are being used effectively.
- Only 20 percent of technology companies surveyed are "confident" that their patents and other intellectual property are properly protected; 24 percent are "concerned" or "very concerned" about IP protection.
- Just one-third regularly perform security risk assessments.
Despite the publicity received by external security threats, attacks from within are a great risk. In fact, among the TMT companies whose security was breached in the last 12 months, half were attacked from inside the company. Less than half (47 percent) of respondents said they were very confident that their infrastructure is property protected against internal attacks, as opposed to almost two-thirds (63 percent) for external attacks. The vast majority of TMT companies (83 percent) said they are concerned about employee misconduct involving information systems.
"Of the tens of thousands of movies illegally posted on file-sharing websites, industry estimates say that more than 70 percent were 'leaked' by movie studio employees, rather than stolen by external criminals," says Geffert. "And, theft of intellectual property is the internal threat cited most often by TMT companies."
The investment in security can be a strategic opportunity for TMT companies and can help them build brand differentiation through security and reliability. They should consider:
