Nearly 75% of IT directors do not trust their current IT security measures while a further 7% feel they are “not at all secure”, according to research issued by information security provider SafeNet. 

 
According to the survey, which polled the views of 1,200 IT directors across the finance, public sector, retail and technology industries, a mere quarter of respondents have full confidence in the security of their networks. Overall the survey found a 5% growth in the perceived vulnerability of IT networks, with just 2% responding that their networks were “not at all secure” in 2006.

 
Perhaps not surprisingly, employee misuse and theft of information – a hot topic among security circles of late – was cited as the greatest concern for 32% of IT directors, while unauthorised access to information systems by outsiders came a close second at 27%. The theft or loss of “mobile devices containing sensitive information” was the biggest fear for a further 20% of respondents, reflecting the ongoing proliferation of removable mass storage devices within corporate networks.

 
According to SafeNet, this year’s results of key security concerns closely mirror those of last year. Corporate confidence in network security had made few advances in the last 12 months, the report concludes, which “does not bode well for boards, shareholders or customers,” commented Gary Clark, VP EMEA, SafeNet.

 
John Walker, head of operational security at online financial services organisation Experian and vice president of the Information Security Systems Association (ISSA), told Information Age that the findings point up the more fundamental problem of “paper based” security, prevalent throughout the corporate community. “At the director and Chief Information Security Officer level, most do not understand what real technical security is beyond the facets of policy. This is a really big issue.” 

Not only have IT security professionals “lost sight of what IT security is at its most fundamental position”, he added, but in many instances have served to compound the threat. “In my opinion, the position of what IT security should be will crash in the next 12 months or so,” Walker continues. “We are on a brink and simply chucking money at the problem does not solve the issue.”