High profile security disasters have raised the awareness within Belgian companies that security should be taken seriously. At the same time, people realize that not enough measures are taken right now, and social networks seem to be one of the weak spots in a security strategy. These are some of the conclusions drawn from a survey that security specialist Bull conducted during the InfoSecurity tradeshow in Brussels in March.

In all, 126 people participated in the survey. They were asked for an opinion on five real-life scenarios. “We preferred asking people about concrete corporate situations rather than abstract questions,” explains Adele Folletti, security practice manager at Bull Belux.

According to the respondents, companies invest in resiliency mainly because of a number of high profile disasters that have already happened. 55 per cent of the people polled say this is the main reason why companies invest in resiliency. A third thinks potential financial and reputational losses attributed to downtime are the main concern. One in five respondents refer to corporate governance legislation like Sarbanes-Oxley, Basel… while 15 per cent believe companies look at best practices at their competitors for their own resiliency strategy.

Visitors of InfoSecurity also believe companies are proactive in their security strategy. Almost six in ten (59%) think companies proactively create business continuity plans, test them and put in place the supporting technologies. Forty per cent say companies are mainly reactive: they may have some emergency procedures and some risk management in place, but they have no business continuity plans or disaster recovery plans to match these procedures.

Companies still place little trust in cloud solutions when it comes to backup and storage. Only 44 per cent say they would include storage and backup in the cloud if they were operational manager of an IS department. Of the people who would rely on cloud storage and backup, eight out of ten (79%) would make sure the system is regularly tested to make sure they can retrieve all the data in case of an emergency. Twenty-one per cent would rely on the contractual agreements with the service provider.

The survey at InfoSecurity shows that people believe in awareness campaigns to ensure security. Confronted with a scenario in which a company decides to roll out smartphones to all employees, sixty per cent of respondents say the security officer should start an awareness campaign, teaching the users of smartphones not to send sensitive information over the smartphone. Ten per cent would simply rely on the current security framework that is provided, while thirty per cent say the security officer should stop the deployment of the smartphones, start a review and update the current security framework.

Social networks appear to be one of the weak spots in a company’s security. The respondents believe that one out of five employees would share company secrets about a technological breakthrough on social networks immediately, while they also think another 43 per cent would share the information through private messages and in direct conversations. Participants in the survey think only 37 per cent of employees would keep this confidential information to themselves.

“This survey clearly shows that organizations are actively thinking about their security strategy,” says Adele Folletti. “Security constraints are growing every day, often driven by compliance. By helping organizations to implement business-focused security mechanisms, clients no longer have to choose between trust and productivity. With Bull, IT security actively promotes the development of core businesses.”