
Analysis: Experts discuss security in a recession
Benchmarking study highlights where firms are failing

A recent benchmarking study by PricewaterhouseCoopers (PwC) suggests that much work still needs to be done to ensure that a combined IT and corporate security function is adequately prepared to protect businesses from 21st century threats.
The consultancy firm approached 10 of its FTSE 100 clients to carry out the study, finding that many lacked a joined up approach to security which led to silos in IT security, as well as other areas like anti-terrorism and intellectual property infringement, without any cohesion.
The exercise resulted in six key findings, including the need for greater collaboration between departments, and better understanding of the risks from third parties as more and more services are moved offshore.
"The ability to restore business processes in a timely fashion could have been improved across the board, especially when you see how many third parties are going to the wall," said Steve Wright, security and business continuity management leader at PwC. "We found that they didn't seem to do enough risk analysis."
The study also found that firms need to improve their people security initiatives, as only 50 per cent demonstrated significant amounts of employee vetting.
"In an age when the pressure on the family unit to maintain a roof over their heads becomes immense, more employees could be suspected of doing something illegal," said Wright. "It is extremely hard to iron out but, if you're not doing the vetting in the first place, it really will leave you wide open."
Jay Abbott, a senior manager in PwC's technology assurance practice, who carries out penetration testing and ethical hacking work, agreed that "the insider threat has, and will continue to be, the biggest area of risk", but argued that physical security also needs to be improved.
"There are easier ways these days to get data out of an organisation than hacking, and the techniques are all known about by organised crime," he added.
The benchmarking study also looked at the main areas of responsibility for a combined corporate security and IT security function in the 21st century. These included a good understanding of information assets, thorough risk assessment methodologies, business continuity preparedness, and rigorous incident management processes.
Further reading
V3 Latest
First plant to grow on the Moon, err, dies
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago