How exposed are multinational companies to security breaches?

How are security models changing and how are the recent high-profile hacking attacks affecting this? h2index has some interesting insights having recently completed a significant IT security research study:

  • Twelve major multinational companies from the consumer goods, financial services, insurance, pharmaceutical and telecommunications industries participated.
  • CIOs and Directors of Information Security were interviewed.

Investigation focused on how IT security is changing due to:

  • fast-changing business models and technological innovation to secure competitive advantage;
  • emerging challenges such as cloud and consumerisation;
  • increased outsourcing and partnering in most non-core, and some core, business functions (in many cases there are now more partner individuals needing access to IT systems than employees; in one extreme case, partners now outnumber employees by about 10 to 1);
  • large corporations having more direct relationships with consumers, i.e. brands now communicate directly with individuals, not just via retail outlets / intermediaries. As a result, many companies are struggling to cope with their newfound responsibilities to manage and protect the raft of personal information that they now hold about consumers.

Key findings

  • Operational business managers expect systems to be 100% secure.
  • There are a multitude of factors that make it impossible to be totally secure.
  • The traditional ‘medieval city’ security model, with a fortress style perimeter, is no longer appropriate as it impedes business.
  • A new ‘modern city’ security model is emerging, where security is everyone’s responsibility.
  • Technology is not the solution – the focus is now on developing a new security culture.
  • Security is no longer a back room IT issue, but is at the forefront of the senior management agenda and is recognised as needing to become an integral part of every business activity.

So what are CIOs and Information Security Directors doing about this?

  • Security management is changing from Guard dogs (making information loss impossible by restricting the business) to Guide dogs (emphasising awareness, governance and process).
  • There is significant focus on developing strong, trusting partner relationships, with audits to ensure that appropriate information governance processes are in place and being adhered to.
  • Many companies are already embedding robust new security roadmaps – focused on raising awareness of everyone’s security responsibilities – while others still have a long way to go.

Further questions raised by the findings:

  • With the frequency of hacking attacks, and with the number of ‘IT experts’ across the globe making this likely to continue, how best to ensure that security becomes second nature for all?
  • The current rate of change in business, technology and social media makes it impossible for security to keep pace. No-one can hold back the tide, so how best to manage the flow?

h2index is continuing to discuss IT security with a range of companies and is keen to expand the conversation to a wider audience – if you would like to take part, please get in touch.