According to the latest research from global consulting firm Protiviti, the majority of companies are not doing enough to investigate potential IT risks and design effective strategies.
Protoviti's 2011 IT Audit Benchmarking Survey polled more than 500 IT auditing professionals around the world, providing crucial insight into prevalent data security challenges. Among the most notable finding was the revelation that one in four companies with revenue below $1 billion do not have any IT risk assessment protocol in place.
"There are simply too many risks associated with the pervasive use of technology, including social media and mobile devices and not enough focus on identifying and managing those risks," said Bob Hirth, Protiviti executive vice president and leader of the firm's global internal audit and financial controls practice. "Businesses have to get serious about addressing IT risks or they will fall victim to their own vulnerabilities. We hope that our survey data and insights will inspire organizations to take a hard look at the effectiveness of their IT audit function."
Even among those organizations with more responsible network security attitudes, the news is not altogether encouraging. More than 40 percent of organizations acknowledge that they do not have either the resources or expertise to carry out portions of their IT audit plans. Not surprisingly, this trend was most pronounced among the survey's smaller companies.
More than 80 percent of firms with annual revenues between $100 million and $1 billion did not have have an IT audit director or comparable position to promote internal accountability. Additionally, 36 percent of North American respondents indicated that they had no plans to complete an internal assessment in the near future.
"If an organization or internal audit function is not thinking about IT governance, IT risks and specifically IT risk assessment, it should be," said David Brand, a Protiviti managing director and the firm's national IT audit leader. "The increased use of and demand for technology and data compel companies to review how these technologies are being leveraged and the risks they are creating."
Internet security is too serious a matter to ignore, and for companies unable or unwilling to conduct internal audits, it may be wise to look toward third-party assistance. By leveraging the expertise of industry experts, companies can get back on the right track with strong software solutions and effective governance policies.
Security News from SimplySecurity.com by Trend Micro