View more results from our survey of midmarket IT leaders on their security concerns and spending plans.
The problem with modern malware is that is never behaves as expected. Although the security industry as whole is getting better about responding to known threats, new threats pop up all the time.
Take for instance the recent Aurora attacks on Google and other companies that exploited an unknown weakness. No amount of spending on traditional anti-malware software would make much difference in this instance.
According to FireEye chief security architect Marc Maiffret, these types of attacks are not particularly sophisticated. They simply discover an unknown weakness, then methodically exploit it. Maiffert says his company's approach to security can defend against these types of threats because all application code coming into an enterprise is run on a virtual machine inside the FireEye Malware Protection System.
But acquiring those systems might not be all that high on the IT agenda. A recent survey of about 140 senior midmarket executives conducted by IT Business Edge found that only 38 percent plan to purchase, upgrade or replace security software within the next 12 months. This drop in priority for software solutions would suggest a combination of security fatigue and economic malaise. Some might argue that this indicates that IT organizations have confidence in their existing solutions. But whether that trust is well placed is another story.
As Maiffret points out, the bad guys just have to be right once. IT organizations, especially at the midmarket level, might not be premium security targets. But being lucky is never the same thing as being smart, and when it comes to security, we all know it's only a matter of time before luck runs out.