Despite the current media panic surrounding identity theft (and a corresponding growth in shredder sales), only 10% of IT managers consider it a serious security threat, according to a recent survey conducted by the Department of Trade and Industry (DTI).
In fact, the biggest threats facing them in 2005, they told the DTI, are those old stalwarts – viruses and worms. Three worms (Blaster, Sobig and Bugbear) accounted for over three-quarters of the worst virus outbreaks in 2004. All three are so-called ‘blended' threats, capable of by-passing traditional antivirus software and attacking network security instead.
As a result, worldwide spending on appliances and software to protect network security topped $3.7 billion in 2004, up 30% from 2003, and is projected to swell to $5.5 billion in 2008, according to IT market research company Infonetics Research. "New technologies will appear, and often start life as standalone products, but eventually their key features will be absorbed into the multi-function VPN/firewall appliances," predicts Infonetics analyst Jeff Wilson.
According to the DTI, over three-quarters of businesses already have a firewall, but for over half of these, that is their only defence. Alarmingly, over 5% have no defences in place at all.
That complacency must be addressed. Web server attacks and website defacements rose by 36% on last year with almost 400,000 attacks globally in 2004, according to zone-h, a cybercrime observatory.
In addition, the rise of spam – often used by hackers as a vehicle for malware – has been meteoric. "This is today's equivalent of waking up and finding a horse's head in your bed. If your office building was broken into, you'd call the cops in a heartbeat," says Malcolm Seagrave, security expert at Energis. In fact, companies are reluctant to go public about security breaches, perhaps fearing bad publicity.
The National Hi-Tech Crime Unit (NHTCU) reports that cyber attacks cost UK business over £2.4 billion a year, but only 24% of information security incidents are reported to law enforcement agencies.
They are, however, pouring money into an already-buoyant enterprise security market, which in Europe, the Middle East and Africa, grew by 32% to EU1.8 billion in 2004, according to market tracker Canalys. With a 15.9% market share, Cisco retained its overall market leadership position, but good performances in the hardware sector from both Nokia and Jupiter served to narrow the gap. In software, meanwhile, Symantec maintained its lead, although Trend Micro, McAfee and Computer Associates all grew faster than Cisco.
Security vendors will come under more pressure as Microsoft increases integration of security functionality, such as client antivirus and anti-spyware, says Canalys analyst Andy Buss. As a result, he adds, many are shifting emphasis to additional features such as manageability and reporting as a differentiator – and as security threats continue to grow in volume and sophistication, that message will strike a chord with many hard-pressed IT managers.