Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, September 23, 2004

New technology increases threats

New technologies will make existing information security measures obsolete over the next five years, according to analyst Gartner.  And an increase in IT outsourcing will be one of the biggest challenges for chief security officers, who will have to find new ways to safeguard networks, develop data privacy guidelines and protect intellectual property.

‘Extending enterprise networks overseas, as a result of increased outsourcing, can create new problems,’ managing vice president Victor Wheatman told delegates at the Gartner IT Security Summit in London this week.

Emerging technology such as web services and wireless personal devices will also expose new holes in IT security plans, he says.  ‘Each new technology and way of doing business brings with it a whole range of new IT security concerns,’ he said.  ‘And each new wave of technology obliterates the security architecture appropriate to its predecessor, opening the enterprise up to an ever increasing raft of security risks.’

Cybercriminals will be an increasing risk, developing ever-more sophisticated methods of making money using spyware, phishing and spam, says Wheatman.

Gartner says businesses should also put more pressure on vendors to remove security flaws before products are launched.  The analyst predicts that a 50 per cent reduction in software vulnerabilities before shipping could remove 75 per cent of configuration management and incident response costs incurred by businesses.

The key to secure business is management improvement, with the most secure firms spending less than average, he says.  The lowest-spending 20 per cent of firms are also the most efficient and will safely reduce security spending to only three to four per cent of their total IT budget, says Wheatman.

But to achieve this, investment must shift from product-based purchasing to implementing better-designed risk management processes.  ‘We will constantly see new risks because technology and business processes don’t stand still,’ said Wheatman.  ‘It’s about keeping the bad guys out, while letting the good guys in and keeping the wheels on.’

Posted on 09/23