McAfee brengt vandaag haar ‘State of Security rapport’ uit. Omdat corporate dataomgevingen uitbreiden en effectieve informatiebeveiliging alleen mogelijk is door een Strategic Security Plan (SSP) op te stellen, heeft McAfee gekeken naar de uitdagingen waar bedrijven tegenaan lopen tijdens het ontwikkelen van een SSP. Daarnaast toont het rapport aan wat de prioriteiten voor 2012 zijn voor bedrijven. Dit wereldwijde onderzoek is verricht onder 495 organisaties en uitgevoerd door Evaluserve.
De conclusies van het rapport zijn (sorry, in het Engels):
While organizations are working on their strategic security plans and putting in their best efforts toward protecting business systems and critical data, there is much room for improvement all the way around.
- Step up to a higher security maturity level. Only 16% of the survey respondents classify their organizations as being at the “Optimized” level. Worse, however, is the fact that 9% of the organizations are “Reactive” in their approach to IT security.
- Executive involvement is crucial. While IT and security personnel may take the lead in developing the plan, it’s important to have insight from those who best understand the business systems and the data they use. Moreover, executive involvement is critical to set the tone for the importance of security throughout the organization.
- Test early, test often, and make adjustments as needed. What good is a plan if it is developed and put on a shelf? If it is never tested? Unfortunately we learned that 29% of “Compliant” companies never test how they would respond to an incident. What’s more, the fact that 79% of the surveyed companies had security incidents in the past year indicates that there are gaps in the security plans that must be addressed.
- Use budget allocations wisely. Though every manager would like to have a bigger budget to be able to apply more safeguards, the “Optimized” companies have found ways to reach the highest level of performance with the same level of funding (percentage-wise) as the companies who are less prudent with their budgets.
- Use the right tools for the current threats. The survey shows that 45% of the companies haven’t deployed the next generation firewalls. Mobile security is another area that should not be ignored, yet 25% of the organizations have not purchased any tools for this purpose.
- Focus on protecting the lifeblood of the company-the sensitive corporate data. The top priorities for 2012 include implementing stronger controls to protect sensitive data and ensuring business continuity. Additional high priority activities are all meant to improve each organization’s overall security posture. This is encouraging because without timely recognition and mitigation of security threats, an organization may be the next news headline—and nobody wants that dubious distinction.
About the Survey
The survey was conducted by Evaluserve and included responses from 495 organizations. Countries included in the survey were: United States, Canada, United Kingdom, Germany, France, Brazil, Australia, Singapore, and New Zealand and range in size from a minimum of 1,000 employees to more than 50,000 employees. The report is available at: www.mcafee.com/ssp