Regulations are forcing companies to re-evaluate their security initiatives. In the United States, Sarbanes-Oxley (41%), the U.S. Homeland Security Act (25%), and the USA Patriot Act (23%) have forced companies to change their security practices. In Europe, 30% of companies have made adjustments as a result of the EU's Data Protection Directive. In China, 27% of firms report changing security policies to comply with the Bank Secrecy Act.
Given all the challenges and requirements, it's surprising that more companies don't have dedicated professionals managing their top-to-bottom IT security. Only a third of companies surveyed have a chief information security officer overseeing IT security policy and technology.
Array Of Perils
Companies haven't lost sight of the little things. Viruses, worms, spyware, and spam are more than nuisances--they're top priorities for anywhere from a quarter to two-thirds of companies around the world. And the threat of destructive e-mail attachments hasn't disappeared. Thirty percent of U.S. companies say such attachments were a method of attack in the past year.
Significantly, fewer companies (28%) experienced attacks in the past year because of operating system vulnerabilities than they did in 2005 (43%), and reports of viruses and worms declined, too. Unfortunately, as these threats lessen, others grow in severity.
In China, a quarter of respondents report that their organizations had to deal with identity theft in the last 12 months, nearly three times the rate in the United States and Europe. Viruses and worms are the most-often-cited security breaches in India.
"There's lots of stuff coming out," says Florida Power & Light's Garmon, though nothing as scary as some of the destructive worms of the past. "Everyone's got antivirus, practically everyone's got firewalls, and lots of companies have intrusion prevention."
But those baseline security systems are only a first line of defense, and determined cybercrooks have shown, repeatedly, that they're able to break through. Security managers would do well to remember that their jobs don't reward success as much as they punish failure.
Illustration by Ryan Etter