In a survey of IT security professionals attending the RSA Conference, one-third of respondents cited uncovering identity management as their biggest organizational concern.
While 29 percent of respondents ranked e-mail viruses as their most significant threat, 68 percent listed Web viruses, suggesting that Web viruses pose more of a threat than e-mail-born ones.
Paul Davis, a Boston-based IT security strategist, agrees that Web viruses should be considered a more pressing IT concern, noting the while most companies have good virus protection, they dont have adequate controls on the users Web surfing habits.
"Add to that challenge of the increasing trend of providing their users with laptops. It doesnt take much to imagine a user taking the laptop home and surfing using their own ISP, thus bypassing all of the normal corporate connections," Davis said.
"This means that one layer of defense has been removed and now the corporation/business has to rely solely on the local workstation defense that hopefully is up to date and switched on."
Survey respondents called configuring firewalls their IT departments single most time-consuming task, accounting for over three hours work per week for half of all IT pros, a number Davis said could be high or low, depending on an organizations needs.
"This is not the type of tool that you can just leave in the back of the server room. I have worked with some organizations that actively used their firewall to block attacks; others had such a dynamic business model that configuration changes were made on a daily basis," Davis said.
Davis added that it comes down to a business decision of balancing the cost of the risk against the cost of being secure.
With 64 percent of respondents ranking mobile phone viruses as their least significant threat and 50 percent placing IM-borne viruses right above that, these viruses registered little concern in the minds of IT security pros, something Davis sees a potentially risky.
He said that IT security professional have to prioritize all of the things to do with keeping the business secure and that perhaps there are more important and critical items on their to-do list, but Davis does think that with the increasing use of mobile devices, there is an increasing risk.
"We are seeing multiple reports of data being lost on laptops. Who has started worrying about all of those PDAs and mobile phones being left in the back of taxis and airplanes? [Security tools for mobile PDAs] are needed as the connectivity options of these devices allow connectivity through so many different types of network services," said Davis.