Last year resulted in numerous violations of security and privacy for companies and consumers. Both small and large businesses alike were subjected to numerous bouts of malware, insider threats, stolen data and hacked systems. Even big names were no exception: Target and Home Depot suffered the sting of data breaches with a humiliating and costly aftermath. Target's CEO Gregg Steinhafle resigned in May after the company experienced a 46% drop in profits and Home Depot is now the target of over 40 lawsuits after hackers targeted their self-checkout systems.
Even celebrities were subjected to infamous invasions of privacy when various iCloud accounts were compromised and revealing personal photos leaked to the internet. 2014 has proven that wealth and status don't guarantee immunity from wrongdoers seeking to misuse technology for their own ends; if anything, these characteristics can attract such unwanted attention. Now more than ever security and privacy protections are of paramount concern both for companies and consumers since the stakes are always climbing in this game, which can mean life and death for businesses that become victims.
Tech Pro Research, the premium content sister site to TechRepublic, conducted a survey on IT security in late 2013 and published a subsquent report on the topic. The report's key findings included:
- About two-thirds of the respondents said they were more concerned with security after media news reports of breaches and leaks. However, only large organizations with more than 1,000 employees were planning to improve IT security controls. Smaller companies were lagging behind in implementation of IT security controls.
- Small and medium-size businesses were either keeping the same budget in 2014 or increasing it. Meanwhile, more large organizations were decreasing their security budget for 2014, but the survey showed that security management outsourcing and maturing security programs are the likely reasons for this decrease.
- One of the top concerns for businesses for 2014 was the Bring Your Own Device (BYOD) movement. Lack of employee awareness in regard to social engineering attacks was the number one concern in 2013 but moved to second place for 2014, with BYOD taking the top slot.
- Projects slated for 2015 indicated a continuing shift from security best practice management to information assurance management. The survey showed that 50% of respondents were focused on improving risk management processes in 2014, linking information resource protection to business objectives. This tends to move perspective from implementing best practices to designing security frameworks best suited for strategic and operational business plans.
We'd like to revisit and expand upon these topics to see how security and privacy are viewed today to gauge what's coming in 2015 and how businesses are preparing for it. Are concerns increasing? Are strategies changing? How is risk management being handled?
Please take our survey to share your thoughts on the matter. Participants will receive a free copy of the research report.
Scott Matteson is a senior systems administrator and freelance technical writer who also performs consulting work for small organizations. He resides in the Greater Boston area with his wife and three children.