IP Not Well Protected at TMT Companies

By Allen Bernard

(Back to article)

According to a recent Deloitte report, more than half of all technology, media and telecommunications (TMT) firms have had security breaches nor do they take this issue as seriously as they should.

"There are two things that are coming away here," said Brian Geffert, principal of Deloitte Security and Privacy Services for Deloitte & Touche, LLP. "I think the first thing is a lot of companies are talking-the-talk around security but they are not walking-the-walk. The other issue is around how are they protecting the assets they are pushing out to outsourced "

TMT companies don’t provide adequate resources and funding for security, despite the fact that more than half had breaches in the past 12 months, according to Protecting the Digital Assets , a survey conducted during the first quarter of 2006, which queried, through one-on-one interviews, security executives at 150 companies in 30 countries.

“Survey respondents say that security is a top concern, but it is still not being addressed across the organization from a risk-based perspective, despite recent breaches costing million of dollars of damage and inestimable harm to companies’ reputations, brands, revenue and productivity, continued Geffert.

"In fact, more than half of security executives surveyed admit that their security investments are falling behind the threats or at best just catching up.”

Part of the problem is the need to focus on getting products to market as fast as possible, said Geffert. This is the main focus of the TMT industry since the shelf life of digital products is low thus leading to the need to continuously create new offerings.

And, because of the nature of digital products, they are inherently vulnerable to corruption, piracy, attack and theft. Ironically, most TMT companies have not kept up with advances in technology when it comes to security, and few are spending what’s needed.

"Let's make sure were hard and crunchy on the outside … " is still the approach most security executives take when it comes to protecting their digital assets. This needs to change since the majority of breaches are perpetrated by insiders, said Geffert. Among the TMT companies whose security was breached in the last 12 months, half were attacked from inside the company.

The increase in network devices—PDAs, expanded networks, laptops, etc.—are also the reason a "castle and moat" security strategy is no longer adequate.

On the plus side, the survey did indicate that TMT companies are on par with other industries when it comes to protecting customer data.

Additional the survey found that:

  • Less than one quarter (24%) believe the security tools they have deployed are being used effectively.
  • Only 20% of technology companies surveyed are “confident” their patents and other intellectual property are properly protected—24% are “concerned” or “very concerned” about IP protection.
  • Just one-third regularly perform security risk assessments.
  • "I think the take away here is you have to get more focused and (organizations) need to start looking at how they are approaching security and trying to protect digital assets," Geffert said.