Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, October 16, 2007

Better IT Security Doesn’t Mean Spending More

IT managers trying to figure out how much money to budget for information security purposes each year might want to take note of some recent advice from Gartner Inc.: According to the Stamford, Conn.-based analyst firm, despite the growth in targeted attacks and the continuing discovery of new vulnerabilities, almost 90 percent of the threats companies face today can be handled without any extra investment in security.  Instead, companies need to reduce some of the money they’ve spent over the past few years protecting against mass attacks—redirecting those freed-up resources to confront more narrowly directed emerging threats.

A lot of companies spend too much money on security controls such as firewalls, anti-virus software and other desktop protection tools designed to defend against traditional mass attacks, said John Pescatore, a Gartner analyst.  According to Pescatore, over the years such products have become highly commoditized and can be deployed for far less than many companies currently shell out for such protection.  Such planning is important at a time when the costs associated with security breaches are going up sharply.

Over the next two years in fact, companies can expect breach-related costs to increase on average by 20 percent each year compared to today, according to Gartner.  Increasingly, companies that suffer data breaches are getting sued by victims as well as by other affected parties.

http://www.pcworld.com/businesscenter/article/138494/better_it_security_doesnt_mean_spending_more.html

Posted on 10/16
NewsPermalink