Such is the conclusion arrived in the State of Information Security Survey 2008 conducted by PricewaterhouseCoopers, CIO, and CSO magazines, according to techtree.com. The survey polled 7,000 IT executives in 119 countries. According to the breakdown by TechTree, 55 percent of Asian firms are encrypting databases, 50 percent are adopting laptop encryption, and 47 percent are protecting backup tapes and other media — I imagine portable drives and flash memory sticks.
Indeed, if one visits the PwC site, links below, they note the following:
“Asian companies no longer lag behind North American ones in establishing leading practices in security. Boosted by the widespread advances made by companies principally in India and, to a lesser extent, Singapore and Hong Kong, Asian security (if not privacy) practices are now on a par with those in North America—and in some cases exceed them.”
This is, no doubt, on top of any improvements the North American region has made since the last survey, when Europe and North America were found to have similar levels of information security in place (which is no more. The same survey finds that Europe has ceded information security leadership to North America).
However, it behooves people to know that information security cannot rely on technology alone. While investing in file encryption to protect the contents of digital documents won’t negatively affect information security, as long as people are not aware of the need for this and other data protection measures, such spending will be the ultimate case of throwing money at the problem.
Earlier this year, Société Générale showed how technologically advanced information security systems were useless if people are not security conscious. Supposedly, a junior trader was able to rack up an astonishing 4.9 billion euro loss. There were controls in place, but by using computer usernames and passwords assigned to his colleagues, the trader was able to bypass security meant to stop his actions. How did he get those authentication factors? He alleged, if I recollect correctly, that they were given to him to expedite work (people being out of the office when access was needed to a particular file, etc.), although now I’m reading that he had access to them when he was working in the back office, and decided to keep them once he got promoted to the front.
Remember, tools like encryption software from AlertBoot encryption solutions are ultimately tools. If you decide to ignore warnings and instructions, it can ultimately work against you. Making sure employees, contractors, consultants, etc. understand the importance of data security is as important as ensuring the tool is available.