"There are two things that are coming away here," said Brian Geffert, principal of Deloitte Security and Privacy Services for Deloitte & Touche, LLP. "I think the first thing is a lot of companies are talking-the-talk around security but they are not walking-the-walk. The other issue is around how are they protecting the assets they are pushing out to outsourced "
TMT companies dont provide adequate resources and funding for security, despite the fact that more than half had breaches in the past 12 months, according to Protecting the Digital Assets , a survey conducted during the first quarter of 2006, which queried, through one-on-one interviews, security executives at 150 companies in 30 countries.
"In fact, more than half of security executives surveyed admit that their security investments are falling behind the threats or at best just catching up.
Part of the problem is the need to focus on getting products to market as fast as possible, said Geffert. This is the main focus of the TMT industry since the shelf life of digital products is low thus leading to the need to continuously create new offerings.
And, because of the nature of digital products, they are inherently vulnerable to corruption, piracy, attack and theft. Ironically, most TMT companies have not kept up with advances in technology when it comes to security, and few are spending whats needed.
"Let's make sure were hard and crunchy on the outside " is still the approach most security executives take when it comes to protecting their digital assets. This needs to change since the majority of breaches are perpetrated by insiders, said Geffert. Among the TMT companies whose security was breached in the last 12 months, half were attacked from inside the company.
The increase in network devicesPDAs, expanded networks, laptops, etc.are also the reason a "castle and moat" security strategy is no longer adequate.
On the plus side, the survey did indicate that TMT companies are on par with other industries when it comes to protecting customer data.
Additional the survey found that:
"I think the take away here is you have to get more focused and (organizations) need to start looking at how they are approaching security and trying to protect digital assets," Geffert said.