Lack of governance one reason why companies yet to address sophisticated threats
Top 3 security issues: Data loss prevention, and network and endpoint security
DESPITE knowing that IT threats are becoming more sophisticated, most companies today are still investing the bulk of their money on basic, fundamental security products, said research firm IDC.
“IT spending is still prioritised on fundamental security products that are insufficient to address sophisticated threats,” said Liew Siew Choon (pic), IDC Malaysia senior market analyst.
These fundamental security products have “to be integrated with advanced security technologies in order to tackle increasing threat issues,” she said.
According to Liew, there are two main reasons why companies do not prioritise their budget to address more sophisticated threats.
“One of the reasons is that in the past, they had not invested heavily on fundamental security products, so many have just started their journey.
“The second reason is related to governance. This is why we see companies that have proper governance in place, such as those in the financial and telecommunications industries, are adopting [advanced security protection] it in a big way,” Liew told a media briefing in Kuala Lumpur on Aug 6.
The briefing covered the findings of the IDC Continuum Study 2014, which is aimed at getting a clearer picture of the Malaysian IT security landscape.
IDC’s survey found that the top three security issues Malaysian companies would most likely address over the next 12 months were data loss prevention, and network and endpoint security.
Data loss prevention includes a combination of network, endpoint, messaging, web and storage security that provides protection for data in motion, in use, and at rest.
Network security includes enterprise firewall software, network access control, virtual private network, and network intrusion detection and prevention software.
Finally, endpoint security includes antivirus and antimalware, personal firewall software and file and disk encryption.
Liew said she was disturbed by the fact that only 9.3% of the respondents said they were concerned about security and vulnerability management.
This includes security policy management, risk assessment and vulnerability scanning, as well as advanced security technologies such as security analytics, threat intelligence, and forensics.
“The security model within the organisation has to be aligned with the changing business environment.
“Organisations will have to face more security challenges during the transition to Third Platform -- the next-generation compute platform characterised by mobile, cloud, big data and social -- if IT spending is still focused on fundamental security products,” she said.
Liew said that it was therefore important for companies to strike a balance between investment on both fundamental and advanced security.
Nevertheless, the Malaysian IT security landscape is set for another growth year, according to IDC’s findings.
The market grew by 1.2% to about US$100 million in 2013, and is expected to grow by 12% this year. By 2015, the IT security market in Malaysia, which comprises security software and appliances but excludes services, will hit US$126 million.
As mobile usage grows, so should security: IDC
Security weaknesses must be shared openly: Facebook CSO
Information security is about you… yes, you!
Smarter, shadier and stealthier cyber-crime forces dramatic change
Security chiefs call for investments in ‘transformative’ technologies
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.