SÃO PAULO, Feb. 2, 2017 /PRNewswire/ -- Level 3 Communications is sharing the results of the Level 3 Security Index, a study conducted by leading analyst firm IDC to identify the information security and corporate IT infrastructure maturity of Brazilian organizations. In the Level 3-sponsored study, Brazil received an overall score of 64.9 points out of a possible total of 100 points.
Read the Full Study Here: www.level3.com/SecurityIndex
- On average, companies in Brazil have two professionals dedicated to information security.
- About 57 percent of interviewed organizations already use Managed Security Services (MSS) as a response to the lack of qualified professionals.
- Approximately 25 percent of companies cannot measure the impacts stemming from incidents related to information security.
- Only 42 percent of organizations claim to practice and generate metrics on the compliance of their information security policies.
The report researched four topics: Awareness, Tools, Prevention, Mitigation.
- The study showed large companies have greater difficulty with visibility of security issues.
- This lack of visibility is related to the complexity of their environments and systems.
- As for awareness to quantify suffered or mitigated attacks, 34 percent have complete visibility; the other 66 percent have no or partial visibility.
- When asked about measuring security incidents' impact, 25.5 percent don't know, and 32 percent know superficially, while 42.2 percent can detail the impact in every system or critical ones.
- The study showed internal technology tools are the most challenging area for security.
- This is because the acquisition of security-oriented technology tools, to some extent, are linked to companies' investment capacity.
- According to the research, more than 61 percent of companies believe only a few professionals are fully qualified or are below the ideal regarding the level of staff training to use the tools available.
- Large companies are active in prevention, establishing and monitoring controls with greater attendance, ensuring a better level of performance.
- When asked about policies and information security standards established and documented, 28 percent do not have a set schedule to review and update, while 33 percent review and update only once a year.
- The study shows communication skills and the activation structure are, in many cases, informal and not well documented.
- 46 percent of companies have no frequency of revision for contingency and security procedures.
- When asked about the degree of alignment on information security, in the item "internal controls of fraud detection and prevention are periodically validated," 41 percent consider this is reality in their companies,, while 59 percent of respondents still consider it it distant.
The study recommends these items to improve the overall maturity of information security for Brazilian companies:
- Think about hiring outsourced and managed services.
- Invest in tools that enable better control, visibility and automation to maximize the information security team's efficiency.
- Prioritize investments according to the priority of each environment, risk and impact assessment.
- Show the benefits of information security using well-defined metrics.
- Conduct safety tests more frequently and with a larger scope.
- The study showed a more proactive outlook for information security in 2017.
- More than 42 percent of the companies surveyed intend to increase their IT budget for 2017 in comparison to 2016.
- The Infrastructure as a Service (IaaS) model is gaining traction not only for computing but also for storage — a factor that increases concerns around security and governance of information.
Luciano Ramos, Software Research Coordinator, IDC Brazil
"The index shows that Brazil still has a long way to mature in the area of security. Companies need to understand the importance of each of the areas analyzed in the index and balance their investment based on them. To advance from the current level, there are actions that need to be undertaken regarding team specialization, revision of processes and adoption of state-of-the-art tools. The evolution of Information Security is a subject that must be addressed continually."
André Magno, Director of Data Center and Security, Level 3 Brazil
"With the rapid growth of cybersecurity threats in Brazil, which is above the world average, we've noticed the need to develop a study that could reveal the current degree of maturity of security practices in Brazilian corporations. From this index, we can collaborate with the Brazilian market to focus on the main opportunities in the evolution of cybersecurity for their business and customers."
To reach this result, IDC interviewed 100 companies based in Brazil with more than 250 employees (most with more than 1,000 employees). They interviewed managers in four areas: awareness, tools, prevention and mitigation. During interviews with Information Security leaders, researchers assessed their degree of knowledge about the impact of security in business, detection skills and the ability to measure threats to their systems, among other topics. Also, they analyzed data available on IDC Global and Brazil, and the market to have more qualitative information. The final index is the mathematical weighting of the four themes proposed in the interviews.
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries. IDC's analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a wholly-owned subsidiary of International Data Group (IDG), the world's leading media, data and marketing services company. To learn more about IDC, please visit www.idc.com. Follow IDC on Twitter at @IDC.
About Level 3 Communications
Level 3 Communications, Inc. (NYSE:LVLT, news, filings) is a Fortune 500 company that provides local, national and global communications services to enterprise, government and carrier customers. Level 3's comprehensive portfolio of secure, managed solutions includes fiber and infrastructure solutions; IP-based voice and data communications; wide-area Ethernet services; video and content distribution; data center and cloud-based solutions. Level 3 serves customers in more than 500 markets in over 60 countries across a global services platform anchored by owned fiber networks on three continents and connected by extensive undersea facilities. For more information, please visit www.level3.com or get to know us on Twitter, Facebook and LinkedIn.
© Level 3 Communications, LLC. All Rights Reserved. Level 3, Vyvx, Level 3 Communications, Level (3) and the Level 3 Logo are either registered service marks or service marks of Level 3 Communications, LLC and/or one of its Affiliates in the United States and elsewhere. Any other service names, product names, company names or logos included herein are the trademarks or service marks of their respective owners. Level 3 services are provided by subsidiaries of Level 3 Communications, Inc.
The information contained under the title "About IDC" is provided by IDC and is solely responsible for its content.
Some statements made in this press release are forward-looking in nature and are based on management's current expectations or beliefs. These forward-looking statements are not a guarantee of performance and are subject to a number of uncertainties and other factors, many of which are outside Level 3's control, which could cause actual events to differ materially from those expressed or implied by the statements. Important factors that could prevent Level 3 from achieving its stated goals include, but are not limited to, the company's ability to: increase revenue from its services to realize its targets for financial and operating performance; develop and maintain effective business support systems; manage system and network failures or disruptions; avert the breach of its network and computer system security measures; develop new services that meet customer demands and generate acceptable margins; manage the future expansion or adaptation of its network to remain competitive; defend intellectual property and proprietary rights; manage risks associated with continued uncertainty in the global economy; manage continued or accelerated decreases in market pricing for communications services; obtain capacity for its network from other providers and interconnect its network with other networks on favorable terms; successfully integrate future acquisitions; effectively manage political, legal, regulatory, foreign currency and other risks it is exposed to due to its substantial international operations; mitigate its exposure to contingent liabilities; and meet all of the terms and conditions of its debt obligations. Additional information concerning these and other important factors can be found within Level 3's filings with the Securities and Exchange Commission. Statements in this press release should be evaluated in light of these important factors. Level 3 is under no obligation to, and expressly disclaims any such obligation to, update or alter its forward-looking statements, whether as a result of new information, future events, or otherwise.