Security is increasingly integrated

It's that time of year when auditors and security specialists poll their customers' concerns, apply their expertise and present the numbers.

First up is a worldwide study by CIO magazine, CSO magazine and PricewaterhouseCoopers (PWC) that says organisations are increasingly integrating physical and information security as they become more aware of the impact of privacy breaches.

The survey - PWC's Global State of Information Security 2006 - reports 40% of respondents say their physical and IT security functions report to the same executive leader versus 31% last year.

The report, the largest of its kind, says there seems to be a noticeable shift in security priorities.

"In 2006, IT executives list the top three priorities on their to-do list as technological fixes including data backup, network firewalls and application firewalls. This is a departure from 2005 when the number one priority was disaster recovery and business continuity, followed by employee awareness and training programmes, and data backup third on the list."

Ernst and Young's Global Information Security Survey 2006 was also released this week, with positive results both globally and in SA. Ernst and Young also found that security is becoming more integrated but companies need to do more to improve their "information security posture."

Malware threats may have been supplanted by regulation and compliance as security priorities, but they're still around in number.

Paul Furber, senior group writer, ITWeb

Locally, South African businesses were ahead of the global numbers in some areas. Fifty-four percent of local companies reported information security fully integrated with overall risk management compared with a global figure of 43%. Twenty-three percent of South African companies reported requiring independent security reviews of third party providers, considerably more than the global figure of 14%.

Drivers for South African companies in the next year include compliance with regulation (85%), and privacy and data protection (69%).

Eset's latest Global Threat Trend Report, which includes South African data, highlights the top ranking malware threats to appear globally during October.

The report is based on statistical data collected worldwide from 10 million different systems and has tracked a total of 10 000 different threats and malware families in the real world.

The data provides a view of the behaviour and spread of malware and documents the most prevalent of these threats each month - Win32/Stration, Win32/trojanDownloader.Swizzor and UpstartSmall.KJ appeared at the top of October's list.

Malware threats may have been supplanted by regulation and compliance as security priorities but they're still around in number.

Thanks to PWC, CIO Magazine, Ernst and Young and Eset.