Firewalls, intrusion detection and prevention, and antivirus software are the high-priority defenses information technology (I.T.) managers are pursuing this year to combat I.T. security threats, according to results of a new survey released today by Gartner, Inc.
“Organizations are more concerned about viruses and worms than any other security threat,” said Rich Mogull, vice president in Gartner’s Information Security and Risk research practice and one of the analysts who directed the survey. “Outside hacking, or cracking, as well as identity theft and phishing also are considered significant issues.” Cyber-terrorism was ranked last among the 11 threats listed in the survey.
Phishing is an online fraud that occurs when a cyberthief sends an e-mail with a link to a false Web site where users are asked to provide personal account information.
In the recent survey, respondents rated critical security threats. The results include viruses and worms, a 7.6 rating (“1” indicated “no concern at all,” while a “10” meant “extremely concerned”); outside hacking or cracking, 7.1; identity theft and phishing, 7.0; spyware, 6.8; denial of services, 6.6; spam, 6.3; wireless and mobile device viruses, 6.2; insider threats, 6.2; zero day threats, 5.9; social engineering, 5.9; and cyber-terrorism, 5.6.
Conducted in May 2005, the survey included responses from 133 North American organizations with global operations and revenues exceeding $750 million. Six of 10 surveys were completed by I.T. managers, with 91 percent overall answered by employees in I.T. departments.
Half of the survey participants said they increased I.T. security spending this year and expected to do so again in 2006. Seven of 10 said they considered the systems and processes of the I.T. unit in which they work more secure than a year ago, mainly because better security controls now are in place.
More than one-third of the respondents said the need to comply with new regulatory requirements, such as those mandated in the United States by the Sarbanes-Oxley Act, was the largest factor in determining spending priorities on I.T. security.
In addition to firewalls, intrusion detection and prevention, and anti-virus defenses, other spending priorities in I.T. security include patch management, strong user authentication, remote access, vulnerability assessment, user provisioning or identity management, security event correlation and reporting, spam filtering and Web-site filtering or blocking.
More than half the respondents said they preferred buying “best-of-breed” products from multiple technology providers. Multivendor suites integrated under a common framework were preferred by more than one-third of the survey participants.
The survey participants work in organizations with a mean average of nearly 2,300 worldwide I.T. employees and a mean average of $207.4 million in worldwide I.T. budget.
Highlights of the survey results were presented at Gartner’s recent 11th annual I.T. Security Summit in Washington D.C.
At the conference, Lehman Brothers, the global financial services firm, was named the first recipient of the Gartner I.T. Security Innovation Award. Lehman Brothers was recognized for its success in eliminating rogue user accounts and sharply reducing the time and expense of administering more than 400,000 system-user accounts.
Moreover, the time required to completely add or remove user access was reduced to minutes from days. The Lehman Brothers project was based on an innovative deployment of Thor Technologies’ Xellerate Identity and Access Management product.
“The purpose of the award is to recognize world-class security initiatives across industries and promote sharing of best practices in I.T. security,” said John Pescatore, Gartner vice president and distinguished analyst. “Our objective is to identify outstanding efforts in I.T. security that either increase overall security levels or decrease costs of maintaining existing security levels.”
The award competition drew 13 entries from banks, utilities, universities, manufacturers and the public sector. Judges included three Gartner analysts (Pescatore, Kelly Kavanagh and Neil MacDonald) and Alan Paller, founder and research director of the SANS Institute. The SANS Institute, the largest source for information security training and certification in the world, operates the Internet’s early warning system — the Internet Storm Center.