More than one-fifth (21 per cent) of Canadian businesses have seen more IT security incidents in the last year, and investment in the area of information security lags behind global trends.
Just 5% of spending was invested in new technology and processes targeting information security, according to the Ernst & Young Global Information Security Survey.
"In recent years, businesses have made significant moves to respond to information security threats by addressing vulnerabilities with increased resources, training, governance and integration," said Rafael Etges, Ernst & Young's information security practice leader in Toronto. "But with better technology and smarter attacks occurring in greater numbers, short-term solutions and incremental changes are not enough. What we need now is a fundamental business transformation to close the gap."
HR has two key roles in improving the situation, according to Ernst & Young. The company suggests taking a 360 degree look at new technologies such as social media, big data, cloud and mobile technologies to identify and offset the associated risks, all vital areas for HR’s involvement. Many security leaks start with people and poor policy so HR needs to know what technologies and sites employees use in order to start drafting policies around that usage.
The other key area that HR can help with is involving leaders in the system. Changes need to be supported from the top, with a focus on transparency and consistency.
While the primary focus should be on security operations and maintenance rather than on innovation, just 36% of Canadian respondents indicated that their function fully meets their needs.
"Today in Canada, information security functions are fixing problems that are three to five years old, and the gap between what they are doing and should be doing has widened," Etges said.