Pretoria - While most business executives are aware of security incidents at their companies, ownership of the problem is still perceived to rest with IT departments, a study by Deloitte Touche Tohmatsu has found.
The Global Security Study found that about 63% of organisations had an information security strategy, but only 10% had their information security led by business-line leaders.
"The contradictory findings highlight the security paradox financial institutions are facing. On the one hand, it is clear that respondents have identified the major security issues and the necessary actions they must take to improve security and privacy practices.
"On the other hand, many financial institutions are falling behind when it comes to taking action," said Kris Budnik, security specialist with Enterprise Risk Services, Deloitte.
According to the survey, the greatest root cause of external breaches continued to be the "human factor" - the organisation's employees, customers, third parties and business partners.
The survey found that the top three breaches were viruses and worms; e-mail attacks including spam; and phishing/pharming. Breaching was the most worrisome element for organisations.
"But even though financial institutions are directly affected by these types of breaches, they are still reluctant to take responsibility for the security of their customers' computers, most likely because of the enormity of such an undertaking," says Budnik.
About 66% of respondents said they should not be held accountable for protecting the computers of their customers who do online business with them.
However, a high number of repeated occurrences of breaches could be attributed to employees through their misconduct (intentional action) and errors and omissions (unintentional action).
While errors and omissions were identified as a major security issue, almost 22% of the respondents provided no employee security training over the past year and only 30% said their staff was well skilled with adequate competencies to respond to security needs.
"Despite these gaps, identifying the problem is at least half the battle and so financial institutions are definitely moving in the right direction to close these gaps," Budnik said, especially in the case of South Africa.
The survey was conducted by face-to-face interviews and on-line questionnaires which focused on senior information technology executives at many of the top 100 global financial services organisations.
The respondents represented public and private organisations from all continents, divided into five regions including Europe, the Middle East and Africa.
- Sapa