In last years Tech Outlook, we predicted that 2003 would be like most other years when it came to security. We were wrong. It was one of the worst years on record for security incidents. This was highlighted in August, which saw Blaster and SoBig and was the worst month ever for damage from worm and virus infections.
We cant blame the security vendors for this downward trend. From intrusion detection and prevention systems to vulnerability scanners to firewalls and hardening scripts, weve seen security products continually improve in their ability to protect systems from common attacks.
The problem is, these tools work only in the hands of a properly trained and dedicated security staff that has been given the resources and backing to secure a companys infrastructure.
Until companies treat security as a serious responsibility, instead of as a cost center that doesnt contribute to the bottom line, this negative security trend will only get worse.
Security vendors will try their best to help, and we expect to see more products and appliances that combine security applications and interfaces into systems that are easier for overworked IT staffs to manage and deploy.
One of the biggest potential changes for security is a proposed federal bill—the Corporate Information Security Accountability Act of 2003.
The legislation would require public companies to undergo security audits that would be submitted with their annual reports.
If this bill is passed, it could achieve what constant worm attacks and embarrassing security breaches have failed to do: finally make companies take IT security seriously.
Check back on eWEEK.com tomorrow for our predictions on storage and servers, followed by mobile computing and open source on Friday, collaboration and Web services on Saturday, and networking on Sunday.
Discuss this in the eWEEK forum.