Media and technology companies failing to protect their assets

Jun 21 2006 by Brian Amble Print This Article

Portable media devices pose a growing threat to technology and media companies reliant on digital information, with more than half falling victim to data theft over the past year.

Research by business advisors Deloitte argues that the reliance of the technology, media and telecoms (TMT) industry on digital information and technology has made it increasingly vulnerable to attack.

More than half the companies surveyed reported security breaches in the last 12 months, with a third of those breaches resulting in significant financial losses.

Moreover, firms' own employees were the culprits for half of these attacks, with easy access to portable media devices such as iPods and large-capacity memory cards making it a simple task for individuals to spirit confidential data off-site.

This might explain why many TMT companies are not very confident in the security of their internal IT infrastructure. A mere four per cent believe they are doing enough to address security issues and more than eight out of 10 are concerned about employee misconduct involving information systems.

More concerning still, half of the firms surveyed citied budget constraints and lack of management support as the main challenges to achieving security goals.

"TMT companies are becoming more aware of the impact of technical security attacks because their businesses revolve increasingly around digital information and technology," said Mike Maddison, leader of Deloitte's Security & Privacy Services.

"Everything from voice telephony to prime time television is now created and transmitted as a series of zeros and ones Ė making it vulnerable to infection, attack and theft.

"Protecting the confidentiality and integrity of data, as well as ensuring its available when required is now an important aspect of effective operational management."

The report, based on an in-depth survey of security practices at TMT organisations around the world, also reveals that many companies are underestimating the need for security.

Most are not investing enough time, money and resources to protect themselves adequately, it claims.

And it stresses that while external security threats such as hackers, viruses and worms get most of the attention - as well as the lion's share of resources when it comes to digital security - the risks from internal threats such as fraud, employee misconduct and human error are just as great.

This failure to acknowledge 'the enemy within' means that Most TMT companies limit their security policy to the basics, such as firewalls, anti-virus applications, spam-filtering and virtual private networks.

Yet more advanced threats are not being adequately addressed, Deloitte argues. For example, phishing (identity theft carried out through the creation of a website that seems to represent a legitimate company) is considered to be a major threat to TMT companies, yet fewer than one in five have currently implemented anti-phishing technologies.

"TMT companies must recognise that they represent an increasingly attractive target.," said James Alexander, technology director at Deloitte.

"Media companies' content represents the basis of a global market in illegal downloads and counterfeit goods; telecommunications operators increasingly represent the gateway into the digital home and office."

"The increasing vulnerability of the TMT sector to attack means that security is no longer a minor operating detail best left to the IT department," he added.

"The industry needs to address security as a fundamental business requirement Ė and a strategic imperative."