Pessimism Running High over Data Breaches
IT organizations appear to be waiting for the inevitable crisis due to constrained security budgets.
There's general agreement that the nature of the security threats facing IT organizations has substantially changed as computing has evolved. With the rise of mobile computing, social networks and Web applications, there are more places for potential vulnerabilities to be discovered than ever.
So it's little wonder that a survey of 388 IT security professionals from Fortune 1000 companies conducted by FishNet Security finds that IT organizations are pretty pessimistic about defending against security breaches. Most tend to think it's only a matter of time before something bad happens.
Part of the problem comes down to simple economics. There is only so much money in the security budget and most of that goes for antivirus and firewall technologies. Those things are important, but they can only do so much.
IT organizations clearly need a more comprehensive approach to security and data governance that deals with mobile, Web and social network applications.
In general, FishNet Security CEO Gary Fish notes that there's been a marked shift toward directly attacking applications, especially on the Web, versus trying to hack through the network perimeter or somehow compromise an end user system. But at the same time, most companies dare not shift any of their spending away from fundamental security technologies such as firewalls or AV software. Like it or not, Fish says companies will have to come to terms with additional security expenditures.
But as this shift takes place, security spending priorities don't appear to be adjusting accordingly. This may be attributable to a lack of funding or a general sense of fatigue when it comes to security. But in either case, the FishNet survey indicates the security professionals know that the next major security breach is almost inevitable.