IDC highlights in one of its recent reports that IT security of financial services organizations might not be as advanced as expect, bringing the confidence in their good service down. Trust is a critical aspect of all business and particularly the financial services industry.
We trust banks with our money, insurance companies with our health and future, and investment companies with our savings. Yet, IDC’s recent study found that, on a scale of 1-5 for IT security maturity, more than two thirds of all respondents (71.6%) were at either stage 1 (29.2%) or Stage 2 (42.4%).
“This is not what we had expected to see,” says Simon Piff, Vice President of Security Practice for IDC Asia Pacific. Piff said, “The key issues at hand that resulted in this shocking statistic is very much about the way IT security is considered within organizations. Thinking that IT security is a problem for IT to solve is both short-sighted and does not embrace the full issue.” “Organizations must think in terms of ‘business risk’ first then decide how IT can help mitigate some of these risks, and not simply assign an ‘IT’ label to it,” he added.
In the hyper-connected world of today, the methods by which threat actors will try to breach a network are many and varied, and traditional IT approaches of focusing on perimeter prevention, without investing sufficiently into network detection and remediation, is at that heart of the issue.
“The bad guys are already on the inside, and we are all looking outside to see what we can stop thereby missing the advanced threat actors who can create the worst scenario for any business,” Piff concluded.
The IDC IT Security MaturityScape is available at IDC.com. Furthermore, to provide an update on IT Security technology and trends, IDC is holding an IT Security Conference series that aims to articulate how the threat landscape is changing, explain why business leaders need to be more concerned about the potential impact of breaches, even in markets with minimal legislation, and provide insight into what some of the world class organizations are doing to achieve the highest levels of IT Security. The conference series will be held in three cities: Kuala Lumpur, Bangkok and Manila, and more details can be found at the website http://bit.ly/2pRqlBi