No Time To Relax - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Feature
News
7/24/2003
07:30 PM
50%
50%

No Time To Relax

More U.S. companies say they're spending enough to win the information-security battle. Have companies found the right balance of risk and cost, or are they dropping their guard just as threats get more vicious?

More companies are successfully fending off attacks or limiting damage. Only 45% of companies in the 2003 InformationWeek security survey say they fell victim to computer viruses or worm attacks, a big decline from the 70% that reported successful attacks in the 2001 survey. The second-highest category of attack, denial of service, hit only 19% of companies. And total annual losses from security breaches have plummeted from about $456 million in 2001 to around $202 million in 2002, according to the 2003 Computer Security Institute/FBI Computer Crime and Security Survey.

Another change is that more money for IT security products and people aren't seen as the only answer. For the past two years, almost 60% of respondents to the InformationWeek survey cited capital expense as one of the most significant barriers to IT security. This year, 44% do. Another barrier to effective security, lack of time, fell from 51% last year to 37% this year.

But the battle to secure IT systems is far from over. Some 49% of managers say the most significant barrier to effective security is the increasing sophistication of threats. In January, the SQL Slammer worm slowed Internet performance and infected roughly 75,000 systems in about 10 minutes. It was the fastest-spreading worm in history and resulted in $1 billion in damage and cleanup costs globally, according to some security experts. In February, Data Processors International, a company that processes credit-card transactions, had its systems breached and may have had as many as 8 million credit-card numbers stolen. And late last year, an insider at Teledata Communications Inc. allegedly accessed credit files of more than 30,000 consumers, which included customers of Ford Motor Credit.

Despite these high-profile incidents, it appears the reduction in successful attacks and losses caused by those attacks has prompted some companies to shift their priorities from buying security systems to better managing the ones they have. "The initial security big bang, where companies came in and established their policies and made big security purchases, may be over," says Bill Stevenson, information-security officer with New Century Mortgage Corp., a residential mortgage-services company. "Many companies may be focusing on managing security and auditing their systems."

Tighter IT budgets play a role in shifting priorities as well. "People can't keep throwing money at the security problem. The strategies have to change," says John Pescatore, a Gartner research director. The IT advisory firm estimates companies will spend, on average, 5.4% of their IT budgets on security in 2003. "Next year, a lot of companies are going to ask if they really need to get to 6% or 10%. Many companies will conclude they've gotten to the right level. A lot of companies are going to decide that they've thrown a lot of stuff at security and that they now have the right balance."

Cost Of AttacksAs companies get a clearer understanding of the threats and costs, they're better able to measure the value of security systems and weigh that spending against other initiatives. "From a budgeting point of view, security is just another part of the IT budget, and it's competing hard for high priority along with everything else," says Lloyd Hession, chief information-security officer for Radianz, a network-services provider for financial-services companies.

Many executives characterize the transition not so much as a drop in security's importance but as an increase in companies' preparedness. "I've not seen a drop in priority here," says John Hartmann, VP for security and corporate services at Home Depot Inc. "In recent years, there was a significant ramp up, and people spent more time and attention on security. Now security is more in place in a lot of organizations."

The survey results support the proposition that most companies have the fundamentals of security in place. Most of them have network firewalls (81%) and antivirus software (79%) and are using VPNs (71%), access management, and other security applications. As a result, businesses may believe they've invested heavily in security and are reluctant to keep up the pace of spending. "2002 was also a pretty slow economic year, and it just makes sense that security spending increases would drop in line with that," Hartmann says.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 3
Next
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
How CIO Roles Will Change: The Future of Work
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2021
Commentary
A Strategy to Aid Underserved Communities and Fill Tech Jobs
Joao-Pierre S. Ruth, Senior Writer,  7/9/2021
Slideshows
10 Ways AI and ML Are Evolving
Lisa Morgan, Freelance Writer,  6/28/2021
Register for InformationWeek Newsletters
Video
Current Issue
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll