May 07, 2010
Global Threat, Local Pain: 2010 Strategic Security Survey
The value of all that expensive security technology is diminishing. In 2010, the adversaries we need to worry about are sophisticated, and they’re waging psychological war. The term “advanced persistent threat,” or APT, originated in government circles but is now commonly used by infosec pros referring to determined, professional attackers who aren’t looking for splashy site defacements. They want to burrow into your network and stay there. We know it’s happening, yet in many cases, upper management is still living in a kinder, gentler time.
“The people at the top have no idea of what the current threat landscape is like,” says one newly minted IT pro. “In fact, when my branch tried to report an intrusion to headquarters, we were told that such a thing could not have happened because the company has a firewall. The level of ignorance is actually stunning.” That’s a common theme, and why we’re worried that just 16% of the 1,002 business IT professionals responding to our 2010 InformationWeek Analytics Strategic Security Survey say their organizations are more vulnerable to malicious attacks and security breaches than they were a year ago, a tiny uptick from 13% in our 2009 poll. When asked if their organizations had experienced a security breach or espionage in the past year, only 23% say yes.
Maybe they’re right, maybe not. But one thing we do know: In this war, complacency can get you killed.
Fortunately, the stars seem to be lining up on our side. The economy is doing better, which should free up additional security dollars. Google’s well-publicized travails in China have raised awareness of organized threats. A new strategic U.S. Cyber Command, part of the U.S. Strategic Command, has been established. We’re seeing increased enforcement of HIPAA requirements and the potential for a federal breach notification law. And yes, we believe regulation is a good thing for IT, even if it does increase complexity.
We surveyed and talked with more than 1,000 organizations in government, financial, healthcare, manufacturing and other sectors to determine the state of security in 2010. In this report, we’ll analyze results and discuss why we need a new way of looking at security. The wrong technology expenditures will yield vastly diminished returns, so we’ll ensure you don’t spend time, money and energy trying to solve yesterday’s problems. And, we’ll explain why you need to take a marketing pro to lunch, sooner rather than later. (1070510)
Survey Name: InformationWeek Analytics 2010 Strategic Security Survey
Survey Date: April 2010
Region: North America
Number of Respondents: 1,002