IT security is no longer a trivial issue and is now becoming part of a company’s boardroom discussion, according to IBM Asia-Pacific institute for advanced security director, Glen Gooding.
He was talking at the recent IBM security symposium in Sydney.
Gooding pointed out some current trends that are further increasing the focus on security.
He said the Cloud is an area that organisations are, in some cases, struggling to adopt. One of the main reasons for that is they are not so comfortable with the security of where their data is residing.
Security within attack sophistication, the consumerisation of IT, especially with the rise of BYOD, as well as data explosion, with the rise of Big Data, is also something that he said top management should consider.
“Senior executives need to understand the connotations of security. The security story is very quickly moving from being an IT based discussion to a business level discussion. Senior executives are going to be more involved in understanding how secure their organisations are,” Gooding said.
A recent study, the IBM Chief Information Security Officer (CISO) survey, which surveyed 150 people from various sized organisations globally, showed senior executives are paying more attention to security in their organisations.
Two out of three respondents said they are spending more and increasing budgets within their organisations’ security platforms. It also showed that mobile security is the top security issue that respondents had to contend with.
“But attempting to protect the perimeter is not enough. The idea and the concept around this entire complex puzzle are to build a level of capability in and around intelligence – or analytics around the security data itself,” he said.
IBM security services threat research and intelligence principal, Michael Montecillo, said it is not how good a company is in security within one specific silo, but rather, how well it has applied the security comprehensively throughout the organisation.
Montecillo focused on a threat report that the company recently published, which showed advanced persistent threats tend to be the most difficult and sophisticated threats currently seen.
He claimed that a company’s patching strategy cannot be the only strategy that it has for security as there are a large realm of vulnerabilities.
“However, most organisations are still struggling in the quadrant of indiscriminate, less sophisticated attacks, such as commercial malware, for example. SQL, phishing, anonymous proxies and mobile OS vulnerabilities are also on the rise” he said.
IBM said it is currently investing in security solutions and services to key trends in the industry.