At the same time, only about a third of respondents have updated their information security strategy in the past 12 months, according to Ernst & Young's 14th annual Global Information Security Survey. For the survey, the accounting firm polled 1,700 organizations globally.
“In the last year, there has been an unprecedented increase in the level of attacks and loss of data in all sorts of ways”, commented Sheila Upton, a director at Ernst & Young. This has prompted in an increase in spending on information security, although only 50% of companies say that their information security function is meeting their needs, she told Infosecurity.
A full 59% of respondents plan on increasing their information security budgets in the coming 12 months. However, only 51% of respondents stated that they have a documented information security strategy, the survey found.
“The one thing that is encouraging is that organizations are saying that awareness of the risks is significant. In previous years, we saw less awareness. Unfortunately, that increased awareness has come at a high cost” in terms of data breaches, Upton noted.
Around 61% of organizations are currently using, evaluating, or planning to use cloud computing-based services within the next 12 months. This is a significant increase of 16 percentage points over the 45% that was reported in the 2010 survey.
This move to the cloud has pushed cloud security to the top of the list of security funding priorities for the next 12 months, the survey found. “A number of the firms we talked to said that security is the biggest issue when it comes to cloud adoption”, Upton said.
The adoption of tablets and smartphones ranked second-highest on the list of technology challenges perceived as most significant, behind cloud computing, with more than half of respondents listing it as a difficult or very difficult challenge. The adoption of mobile security techniques and software by organizations is low. For instance, encryption techniques are used by fewer than half (47%) of the organizations, the survey found.
“It is time to get people to realize that general information security awareness is no longer enough. Education needs to be targeted to help people understand why you need to put in controls for mobile devices”, Upton stressed.
External attacks may be fuelled by information obtained through the use of social media that was used to send targeted phishing messages to targeted individuals, the survey noted.
To help address potential risks posed by social media, organizations seem to be adapting a hard-line response. More than half have responded by blocking access to sites rather than embracing the change and adopting enterprise-wide measures, according to the survey.