Confidence in security wanes

Despite a plethora of products to combat the proliferation of security threats faced by IT organisations, confidence in the ability to avoid a security breach is still low.

Share article

Short of time?

Print this pageEmail article

The latest Symantec IT Risk Management Report, carried out among 500 senior IT managers, found that 60% of respondents expect to encounter at least one major IT incident per year which could halt or disrupt a critical part of their business.

The combination of authentication, authorisation and access was the security process set rated as the highest for effectiveness, with almost 70% of respondents regarding it more than 75% effective. However, the report underlined concerns around asset management; with fewer than 40% of respondents rating themselves over 75% effective in implementing asset inventory, classification and management process controls.

The report also highlighted key differences in the way security threats are perceived by middle and top IT management. Around 5% of senior executives rate business process risk as critical to their IT operations compared to 22% of IT directors. And 23% of IT executives rate compliance risk as critical to their IT operations compared to 16% of senior directors. This misalignment may cause over-or-under- investment in security controls, warns the report.

Security threat remains a top priority

New research has found that security is a top IT priority for European enterprises. Nearly 80% of those firms that are already using security software plan to upgrade or add to that software during 2007, according to a Forrester survey of more than 1,200 decision-makers at enterprises and SMBs.

Today’s organisations are confronted with myriad security problems: more sophisticated incarnations of the same malicious code; faster exploitation of vulnerabilities; and a seemingly impenetrable jungle of regulations and standards.

In order to manage these threats, security executives must focus their efforts on establishing secure business processes, rather than just the applying the traditional IT security tools to problems as they arise, the report says.