Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, July 06, 2006

Most enterprises admit IT security failures

Almost 85 per cent of large US enterprises admit to having suffered an IT security incident over the past 12 months, and the number of breaches continues to rise, new research warned.  According to a Computer Associates poll of 642 US enterprise corporates, security breaches have increased by 17 per cent since 2003.  Some 54 per cent of organisations reported lost workforce productivity, 25 per cent reported public embarrassment, loss of trust/confidence and damage to reputation, and 20 per cent reported losses in revenue, customers or other tangible assets.  Of the organisations which experienced a security breach, 38 per cent said that it was internal.  Nearly 40 per cent of respondents indicated that their organisations do not take IT security risk management seriously at all levels, while 37 per cent believe their security spending is too low.  The three most important security steps are documenting security policies (88 per cent), creating security education policies for employees (83 per cent) and creating the role of chief information security officer (68 per cent).

“These survey results demonstrate that even though organisations are investing in security technologies, they still aren’t achieving the results they seek,” said Toby Weiss, senior vice president and general manager of CA’s Security Management Business Unit.  “Clearly, more work needs to be done in terms of improved security management itself and better education of business users about the importance of IT security best practices.”

The survey also found that organisations are turning to identity and access management technologies to improve security, enable regulatory compliance and reduce costs.  More than 75 per cent of the organisations surveyed have implemented some form of identity and access management functionality, and are continuing with investments.  An additional 18 per cent plan to begin rolling out an identity and access management solution or extend their deployments over the next 12 to 18 months.

Posted on 07/06