Editor's Note: How Secure Are You Really?

The question "Is your company more vulnerable?" is as much about perception as reality, John Foley says.
When the results of InformationWeek Research's annual Information Security Survey came in a few weeks ago, we were surprised to see that 84% of survey participants don't believe their organizations are more vulnerable to malicious-code attacks and security breaches than a year ago. Do these people run their computer operations in an airtight biosphere somewhere? With Wi-Fi, cell phones, and Bluetooth, even that wouldn't be safe these days.

The answer appears to be that IT professionals simply aren't intimidated by the threats that keep coming. Worms, viruses, Trojans, keystroke loggers, phishing, pharming, denial-of-service attacks, software vulnerabilities, cracked passwords, spyware--they're all in a day's work. Survey respondents apparently believe they've got the systems and processes in place to deal with the increasingly complex threats.

That's reassuring, but worrisome, too. Are businesses really that well prepared for the next PC-crashing, data-stealing, multimodal attack bot that comes sneaking their way? Sure, firewalls and intrusion-detection systems are in place, and the arrest late last week of two men suspected of creating and distributing the Zotob worm is encouraging. But then, there are those data-archiving tapes that have gone missing. And credit-card accounts that were recently hacked. And the narrowing window between the time a software patch gets issued and an exploit goes after the hole it's meant to cover.

So, the question, "Is your company more vulnerable?" is as much about perception as reality. Here's hoping the gap between the two isn't as big as it seems.

John Foley
[email protected]

Stephanie Stahl returns to this column next week.

To discuss this column with other readers, please visit John Foley's forum on the Listening Post.

To find out more about John Foley, please visit his page on the Listening Post.

Editor's Choice
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
John Edwards, Technology Journalist & Author
Shane Snider, Senior Writer, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author