InformationWeek Global Security Survey 2006: Controlled Chaos - InformationWeek


InformationWeek Global Security Survey 2006: Controlled Chaos

On the one hand, IT feels safer than it did a year ago. But on the other, more than half of U.S. respondents acknowledge there are more ways to attack business networks now than ever before.

The Costs

The most frequently cited consequences of security breaches are network and application downtime. Companies have a harder time pinning a monetary value on them. Among those experiencing a breach, a quarter of U.S. and European companies and nearly half of Chinese companies couldn't quantify financial losses. But it's obvious the losses can be serious. A former UBS PaineWebber systems administrator is on trial for allegedly planting a logic bomb that took down about 2,000 servers and interrupted the work of 8,000 brokers throughout the United States. The cost of getting systems back up and running was estimated to be $3.1 million, including overtime, assistance from IBM, and other emergency measures. The company has been unable to quantify the attack's impact on revenue.

Mutual insurance firm Amerisure protects its systems using two-factor authentication from RSA Security. The company also has begun rolling out Citrix thin-client access to 450 Wyse terminals, eliminating the need for remote workers to connect via dial-up. The terminals don't contain a hard drive or a floppy drive, making it more difficult for users to tote around data. "There's nothing to steal when you steal a thin client," Amerisure enterprise architect Jack Wilson says. Amerisure has about 80 laptops in the field, most used by managers, and Wilson plans to turn those into Citrix-based thin clients early next year.

Rules Of Engagement

Employee-facing technologies such as identity management systems play a growing role in protecting data. Sometimes it comes down to basics. HealthCare Partners recently lengthened employee passwords to eight characters from six, and it's considering using single-user sign-on to multiple systems. More advanced security measures include proximity badges and biometrics tools to control access to workstations used by multiple health care professionals. An unusual sticking point with biometrics in a health care environment like HealthCare Partners' is that users sometimes resist the idea of touching sensors that may collect germs. Employees don't want to take off their rubber gloves to give a fingerprint, Dittemore says. Only 9% of U.S. survey respondents use biometrics as part of their access-control systems.

While a company's employees, both current and former, pose a security threat, more than half of business technology professionals agree that security technology, policy, and training can do little to stop employee security breaches. Inside threats are a bigger issue for U.S. companies than in other parts of the world. Nearly a quarter of U.S. companies cite authorized users or employees as the cause of an attack in the last year, compared with 22% of businesses in India, 15% in China, and 11% in Europe.

Many IT security managers say the proliferation of external threats occupies too much of their time for them to focus on attacks from within. "Those people are driven and are hard to stop," says Joe Dial, information security administrator with Siemens VDO Automotive, who adds that overreacting to internal security threats could block employees from information they need to do their jobs. "I can't have security be an impediment to productivity. That's the conundrum."

The biggest insider threat is an administrator or records clerk who abuses his or her ability to access data without permission, Dittemore says, but he concedes that preventing such a scenario isn't a top priority. The bigger job, he says, is controlling data and managing external threats.
