A survey from Finjan says 25 percent of security pros admit their organizations have experienced a security breach, and many others aren't sure. With many security pros expecting their budgets to go up in 2009, data protection and other security technologies remain key spending items for businesses.
Businesses are afraid
and rightly so, as a survey of nearly 1,400 IT
security professionals by Finjan found 25 percent admitted experiencing a
security breach at their company.
Another 42 percent could not rule out the possibility that their data had
been breached. The statistics, contained in Finjan's "Web Security Survey
2008" report, come on the heels of a survey by Forrester Research that
found about 96 percent of IT security pros expect their budgets to either
increase or stay the same in the coming year.
Taken in combination, the two studies underscore the attitudes behind the
growing emphasis on IT security among businesses. In the Forrester study, which
features responses from more than 1,200 North American security decision
makers, 21 percent of respondents said they expect their IT security budgets to
increase in 2009. Nearly 75 percent expected the budget to remain the same,
while the remainder predicted cuts.
Alex Jablenski, IT security team leader for Philips Healthcare, said his
company's Philips Lifeline division will see its security budget jump 33
percent in 2009.
"In 2009 we will be purchasing more IPS
[intrusion prevention system] devices," Jablenski said. "As we gain
better understanding of the various threat scenarios it has become apparent
that large-scale network-type attacks have taken a backseat to ... customized
time-blended attacks against entities perceived to contain or have access to
sensitive financial data.
"We have also seen a vast increase in social exploit attempts, mostly
in the form of phishing
" he continued. "Lastly we have seen how unencrypted
data which has been lost due to misplacement or theft has been consequently
used later for illegal purposes. For those reasons, while we maintain a strong
defensive posture toward wire attacks, we have turned our attention to addressing the
more elusive aspects of IT security such as data encryption while at rest and
anti-social-engineering education of our employees."
When separated by vertical, the respondents to the Finjan study still
expressed largely similar beliefs regarding whether or not they had experienced
a breach. Forty-five percent of those working in the health care sector and 43
percent working in the finance and banking industries said their organizations
had never been breached. In the government sector, however, that number dropped
to 32 percent.
About 73 percent of the respondents in the Finjan survey listed data theft as
a top concern. Perhaps correspondingly, more than half of the respondents to
the Forrester Research survey counted data protection as their top priority for
"People mean different things when they say data protection, but it
typically translates into encryption and DLP
[data loss prevention]," said Forrester Research analyst Khalid Kark.
However, Kark said, "The corporate cultures are
changing, [and] boards and executive managers are realizing that technology is
only part of the solution. Security is all about people and adjusting the
culture of the organization."