Web 2.0 technologies viewed as a security threat by telcos

13 Jul 2009

An overwhelming majority of technology, telecoms and media businesses – some 83pc – view Web 2.0 technologies as a significant security threat to their business, even though 32pc of them have reduced their IT security budgets in the past year.

Social networking and Web 2.0 technologies are leading to increased internal security issues for technology, media and telecommunications (TMT) companies, according to the third annual Deloitte TMT security survey.

In fact, 83pc of respondents consider ‘exploitation of vulnerabilities in Web 2.0 technologies’ to be a significant threat, while 80pc of respondents regard ‘social engineering’ as a threat to the company’s information security.

While blogs and social networks such as Facebook, MySpace and Twitter can be powerful enablers for both companies and employees alike, they also increase organisations’ internal security challenges.

“Information and intellectual property are the lifeblood of a TMT company. Protecting these precious assets, often in open and collaborative business environments, must be the imperative for organisations,” explained Colm McDonnell, partner, Enterprise Risk Services, Deloitte.

“In some cases, employees unintentionally release sensitive information without realising the consequences. In other cases, employees may be using social networks and the internet for illicit activities that reflect badly on the company.

“Either way, the company could ultimately be held responsible. We have seen 41pc of respondents experiencing at least one internal security breach in the past year, in contrast to 27pc of global financial institutions experiencing the same threat.

“Here in Ireland a study by Deloitte Ireland found that 77pc of respondents believe it is easy to remove sensitive data from their place of work. Therefore, the potential for internal security breaches cannot be underestimated by companies,” McDonnell continued.

Despite the high public awareness of Web 2.0 technologies and the obvious dangers, ‘excessive access’ for employees remains the No 1 security threat for companies. The TMT industry is beginning to take steps to address these potentially serious security threats, with 66pc of respondents saying they provide some form of security training for their employees.

Despite increased security risks, the survey also shows that TMT companies have significantly reduced investment in security spending in the past year. The findings reveal that less than 6pc of IT budgets are now being allocated to security.

This is resulting in dramatic increases in the likelihood of internal and external security breaches and, more significantly, causing long-term issues for an industry that sells itself on being at the cutting edge of new technologies.

The appeal of the short-term gain available through the reduction of IT budgets has been demonstrated with 32pc of respondents having reduced their information security budgets in the past year.

Now 60pc of respondents, an 11pc increase from 2008, believe they are ‘falling behind’ or still ‘catching up’ to their security threats. Smarter spending has also become a focus, with 41pc (up 19pc) of companies having established metrics to measure the effectiveness of their security investments.

“It is clear that the current business climate requires TMT companies to focus on driving unprecedented levels of cost efficiency,” McDonnell continued.

“However, companies that under invest in security now may find themselves vulnerable and unable to keep pace with the growing threats from increasingly sophisticated attacks and emerging technologies. More significantly companies should not forget their long-term goals; at some point the global economy will bounce back and companies run the risk of being unable to capitalise on the recovery.”

Privacy is a major concern for consumers, who are increasingly been asked to share sensitive information. Privacy can be breached in several ways including attacks by hackers and accidental information releases to unauthorised parties.

Over the past year in Ireland alone there has been a number of high-profile privacy breaches. Yet only 47pc of surveyed companies have a privacy programme in place and only 44pc have an executive for managing privacy compliance.

This aligns with the fact that many TMT companies do not have a programme for managing privacy compliance (33pc), a written privacy policy (28pc) or a formal directive with respect to the destruction of personal information (28pc).

“These statistics suggest that many TMT companies are still not effectively managing their digital assets – a problem that could lead to further privacy breaches and ultimately undermine their competitiveness,” McDonnell concluded.

By John Kennedy