Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, November 16, 2006

Companies are not spending their security dollars wisely

Today’s enterprises are not spending their security dollars wisely, often shelling out vast sums to protect their least-sensitive digital information while ignoring common risks like insider threats and paper theft—a situation that security experts insist is likely to get worse over the next four years.  Recent research conducted by analyst firm Forrester Research Inc. in Cambridge, Mass., indicates that organizations are spending millions on security, but not in the areas where the risk is greatest.

“There has been a lot of spending on network security, but the perception is there is not a lot of risk in that area,” says Forrester senior analyst Tim Sheedy.  Sheedy claims that in a few years IT security will be measured much like other business metrics.  Businesses will be able to factor in the actual information security risk, based on factors such as employee behaviour, system readiness and the financial ramifications of employees who expose an organization’s most sensitive information—either willingly or by accident.  “Putting actual metrics—and particularly financial metrics—around security is going to be a major trend,” Sheedy said.

By 2010, says Pullen, industries like retail, construction and finished goods will have to deal with the same online nasties that plague online banking today—and most won’t be ready.

“In 37 months time I think there will be a public company either forced into chapter 11 (US bankruptcy code) or forced into bankruptcy in Australia because of a security breach that either resulted in goods being stolen from them or an incident with such an impact a company is forced to shut down,” he said.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9005164&taxonomyId=17&intsrc=kc_feat&WT.svl=bestoftheweb1

Posted on 11/16
NewsPermalink