
InformationWeek Global Security Survey 2006: Controlled Chaos

On the one hand, IT feels safer than it did a year ago. But on the other, more than half of U.S. respondents acknowledge there are more ways to attack business networks now than ever before.

Return on security investments is almost impossible to pinpoint. A breach of customer data could easily cost millions of dollars, but if a breach doesn't happen, what's the payback on a job well done? The primary methods of evaluating ROI on security investments involve labor hours spent on network security, a decline in network downtime, and a decline in breaches.

Regulations are forcing companies to re-evaluate their security initiatives. In the United States, Sarbanes-Oxley (41%), the U.S. Homeland Security Act (25%), and the USA Patriot Act (23%) have forced companies to change their security practices. In Europe, 30% of companies have made adjustments as a result of the EU's Data Protection Directive. In China, 27% of firms report changing security policies to comply with the Bank Secrecy Act.

Given all the challenges and requirements, it's surprising that more companies don't have dedicated professionals managing their top-to-bottom IT security. Only a third of companies surveyed have a chief information security officer overseeing IT security policy and technology.

Worms Wriggle In

Array Of Perils

Companies haven't lost sight of the little things. Viruses, worms, spyware, and spam are more than nuisances--they're top priorities for anywhere from a quarter to two-thirds of companies around the world. And the threat of destructive e-mail attachments hasn't disappeared. Thirty percent of U.S. companies say they were a method of attack in the past year.

Significantly, fewer companies (28%) experienced attacks in the past year because of operating system vulnerabilities than they did in 2005 (43%), and reports of viruses and worms declined, too. Unfortunately, as these threats lessen, others grow in severity.

In China, a quarter of respondents report that their organizations had to deal with identity theft in the last 12 months, nearly three times the rate in the United States and Europe. Viruses and worms are the most-often-cited security breaches in India.

"There's lots of stuff coming out," says Florida Power & Light's Garmon, though nothing as scary as some of the destructive worms of the past. "Everyone's got antivirus, practically everyone's got firewalls, and lots of companies have intrusion prevention."

But those baseline security systems are only a first line of defense, and determined cybercrooks have shown, repeatedly, that they're able to break through. Security managers would do well to remember that their jobs don't reward success as much as they punish failure.

Illustration by Ryan Etter
