
Understaffed companies putting IT security at risk, says Symantec

24 February 2010

A lack of IT staff resources is hindering corporate security, according to a study released by Symantec this week. And companies are exacerbating the issue by embarking on new IT projects that create security problems.

Forty-two percent of respondents to the Symantec 2010 State of Enterprise Security Study said that security was their top issue. And yet enterprise security is understaffed, according to the survey of 2100 enterprise CIOs, CISOs and IT managers from 27 countries. IT departments assign 120 employees to security and IT compliance on average, but it isn't enough.

The areas most affected by understaffing are network security and end point security, both of which were areas of concern for 44% of companies. Thirty-nine percent of companies said that understaffing was affecting messaging security.

While enterprises fail to staff their security efforts properly, they are fanning the flames with problematic projects in the areas of infrastructure-as-a-service, platform-as-a-service, server virtualization, end point virtualization, and software-as-a-service, Symantec said.

All of this is happening against a backdrop of IT compliance pressures. Companies are exploring 19 separate IT standards or frameworks on average, and are currently employing eight of them.

Three in every four organizations experienced attacks on their computing infrastructure in the past year, according to Symantec. Just over two-thirds said that those attacks were somewhat or highly effective. Twenty-nine percent of companies said that attacks had increased in the last year.

The top three reported losses among businesses were theft of intellectual property, theft of customer credit card or other financial information, and theft of customer personally identifiable information. More than nine in every ten companies experiencing these attacks lost money due to lost productivity, lost revenue, and loss of customer trust.

"Organizations need to protect their infrastructure by securing their endpoints, messaging and Web environments," said Symantec. "In addition, defending critical internal servers and implementing the ability to back up and recover data should be priorities. Organizations also need the visibility and security intelligence to respond to threats rapidly."

 
