Technology | Media | Telecommunications

Monday, May 22, 2017

Why Digital Trust is an Organizational Culture Challenge

Organizational security online is everyone's responsibility, and a key part of all digital transformations. Furthermore, maintaining 'digital trust' is a critical aspect of all business technology deployments. Besides, the concept of digital trust is essential in the Financial Services sector of the Global Networked Economy.

People trust banks with their money, insurance companies with their health and future and investment companies with their savings, and yet the recent International Data Corporation (IDC) market study highlighted that how these organizations manage IT security is not as advanced as we might expect.

Digital Trust Assessment in Asia-Pacific

The report of the findings entitled "IT Security in Financial Services in Asia-Pacific (Excluding Japan) 2017" studied the maturity of 106 financial services organization and found that, on a scale of 1-5 for IT security maturity, more than two thirds of all respondents (71.6 percent) were at either stage 1 (29.2 percent) or Stage 2 (42.4 percent).

"This is not what we had expected to see," says Simon Piff, vice president at IDC. "The key issues at hand that resulted in this shocking statistic is very much about the way IT security is considered within organisations."

Thinking that online security is a problem for the IT organization to solve is both short-sighted and does not embrace the full issue. Therefore, organizations must think in terms of business risk first, then decide how IT can help mitigate some of these risks, and not simply assign an IT label to it.

In the hyper-connected world of today, the methods by which threat actors will try to breach a network are many and varied, and traditional IT approaches of focusing on perimeter prevention, without investing sufficiently into network detection and remediation, is at that heart of the issue.

"The bad guys are already on the inside, and we are all looking outside to see what we can stop thereby missing the advanced threat actors who can create the worst scenario for any business," concluded Piff.

Global IT Security Framework

The results in this study are based on the IDC "2016 IT Security MaturityScape Benchmark Survey" of 852 organizations, conducted from June to July 2016. The telephone survey used a structured questionnaire which focused on the five dimensions of a framework.

For each dimension, IDC created a set of questions to assess the level of capability and/or maturity for the dimension. Of the respondents, 106 identified themselves from the financial services industry. The IDC MaturityScape is based on global best practices for IT security maturity.