They are out to get you - why paranoia is sometimes a good thing

Businesses must take cyber-security seriously according to Deloitte.

According to recent research, many businesses are not putting in place the right security measures to protect themselves from an increasing threat. Deloitte Touche Tohmatsu (DTT) recently published its 2009 global security study "Security can't be discounted" and highlighted infrastructure, security governance, insider threats and budgets as the key areas that need re-assessment to take account of changes to the security threat environment.

The study revealed that consumer businesses are not focussing on the right areas: e.g.

• many companies view information security to be mainly an infrastructure issue with 51% of respondents saying that their top security initiative in 2009 would be deployment or improvment of their security infrastructure.
• More than half (53%) of respondents are operating without an approved security governance structure and thus have no basis for making decisions about what should or should not be done about information security.
• Only 10% of respondents put insider threats as being their top priority, despite many also appreciating that people, including third parties, are the weakest link in the security.

As an aside: only 9% of respondents had an enterprise wide Business Continuity Plan in place. On a more positive note, creation of such a plan was recorded as being the 2nd top priority for 2009.

So, what were your security related priorities for 2009? and what do you think are the primary information security threats to your business?