Special Report: I.T. Security Findings

Ineffective policies and careless employees leave plenty of openings for data thieves and cybercriminals. Yet most CIOs claim security is under control.

Ineffective policies and careless employees leave plenty of openings for data thieves and cybercriminals. Yet most CIOs claim security is under control.

Finding 1:
IT Executives Say Security Is Adequate Despite Threats
Security snafus often make news, but most CIOs arent rattled. As previous CIO Insight surveys have shown, very few IT executives think their companies are at high risk, and most feel their IT security measures are up to the job. True, IT executives at firms that see themselves at high to moderate risk are somewhat more likely to express doubts, and as later findings show, there are still many threats. But increases in security budgets, along with confidence that security technologies are improving, are keeping anxieties under control enough so CIOs should beware of overconfidence.

Finding 2:
Online Fraud and Theft Has Hurt Few Companies
But more than one company in five report some sort of security breach. With all the publicity about phishing and other online scams, one of the goals of this years security survey was to find out whether hackers, cybercriminals and insiders also were managing to steal money from companies, or whether the threat was becoming an especially important concern. That doesnt appear to be the case. Only 8 percent say theft or diversion of money from their company and its customers is one of their top internal security concerns. Few respondents say their companies were robbed or had property stolen, and of those who do, more cite theft of paper documents than any other kind of theft. While consumers may be ravaged by identity theft and phishing scams, IT executives feel they are taking precautions and say their own companies are relatively immune from comparable threats and fraud. In fact, more expressed confidence their companies can avert these crimes than avoid being struck by viruses and other security problems.

Finding 3:
Careless Employees and Lost Laptops Are Danger No. 1
IT executives remain more concerned about thoughtless behavior and lack of security awareness than any other security-related employee behavior. That concern carries over to social networking sites and blogs. But whats new is that this years survey finds lost or stolen laptops and storage media are considered the biggest threat to IT assets. Could stronger, better enforced policies help? It seems that way. Many feel their policies arent followed by a significant portion of their employees. And while most companies do have acceptable use policies in place, far fewer have policies for deleting no longer needed data, moving equipment and tapes and working with company or customer data outside the office.

Finding 4:
Weak Protection Policies Put Social Security Numbers at Risk
Forty-four percent of the organizations we polled collect their consumers Social Security numbers. How well are they able to protect them? Over 90 percent of respondents have a corporate privacy policy in place covering employee and customer data. However, while companies that collect Social Security numbers tend to be more stringent in protecting personal data than companies that dont, many of their privacy policies have gaping holes or go unenforced. Furthermore, as our earlier security surveys have shown, many companies.

/zimages/7/28571.gifRead the full story on BaselineMag.com: Special Report: I.T. Security Findings