Data security and integrity are among the top most challenges being faced by the businesses in the Middle East, according to a study.
“Information security systems must expand and adapt to meet the demands of the enterprise in an evolving borderless world,” according to the findings of Ernst & Young’s 13th annual Global Information Security Survey, which made public on Tuesday.
Nearly 1600 respondents from 56 countries, including from the Middle East, took part in the study.
A significant increase in use of external service providers and business adoption of new technologies such as cloud computing, social networking and Web 2.0 is recognized to increase risk for 60% of respondents. Yet, in spite of this, less than half (46%) intend to increase their annual investment in information security.
Less than a third of global businesses have an IT risk management programme in place capable of addressing the risks related to the use of new technologies. In spite of the rapid emergence of new technology, just one in ten companies consider examining new and emerging IT trends a very important activity for the information security function to perform.
“The region is seeing one of the fastest uptakes of smart mobile devices in the world and the demand for access to corporate and sensitive data from remote locations has grown in tandem,” said Wasim Khan MENA IT Services and Telecom Leader, Ernst & Young.
“Over the next few years, we expect companies to come alive to the security risks posed by mobile and online leakages and upgrade their security infrastructure,” he added.
For almost two-thirds (64%) of those surveyed, employees’ level of security awareness is recognized as a considerable challenge.
Half of respondents plan to spend more over the next year on data leakage and data loss prevention – a seven percentage point increase from last year. To address potential new risks, 39% are making policy adjustments, 29% are implementing encryption techniques and 28% are implementing stronger identity and access management controls.
“Increased mobility and limited control over end-user devices can also cause problems. This is especially true when trying to implement effective and efficient business continuity and disaster recovery capabilities,” added Wasim.
Around 23% of respondents are currently using cloud computing services and a further 15% are planning to use it within the next 12 months. When asked if an external certification of cloud service providers would increase trust, 85% of respondents said yes, with 43% stating that the certification should be based upon an agreed standard and 22% requiring accreditation for the certifying body.
“Companies and Information security leaders are facing a changing business environment, where traditional enterprise boundaries are quickly evaporating. It is also an environment driven by an increase in workforce mobility, greater adoption of cloud computing services and a growing use of social media and collaborations tools within the enterprise. Organizations will be pressed for both time and resources to mitigate the risks involved but will have no choice but to address them,” said Wasim.
“In the MENA region, the Government and Public Services sector has been at the forefront of the adoption of Internet based customer reach,” said Srikant Ranganathan, Partner, IT Advisory Ernst & Young Bahrain.
“This has brought on risks to which they were previously unexposed to. The correct focus on protection against these new risks is critical to the success of these initiatives.”