The Coming Inevitable Security Breach

Michael Vizard
Slide Show

Pessimism Running High over Data Breaches

IT organizations appear to be waiting for the inevitable crisis due to constrained security budgets.

There's general agreement that the nature of the security threats facing IT organizations has substantially changed as computing has evolved. With the rise of mobile computing, social networks and Web applications, there are more places for potential vulnerabilities to be discovered than ever.


So it's little wonder that a survey of 388 IT security professionals from Fortune 1000 companies conducted by FishNet Security finds that IT organizations are pretty pessimistic about defending against security breaches. Most tend to think it's only a matter of time before something bad happens.

Part of the problem comes down to simple economics. There is only so much money in the security budget and most of that goes for antivirus and firewall technologies. Those things are important, but they can only do so much.

IT organizations clearly need a more comprehensive approach to security and data governance that deals with mobile, Web and social network applications.

In general, FishNet Security CEO Gary Fish notes that there's been a marked shift toward directly attacking applications, especially on the Web, versus trying to hack through the network perimeter or somehow compromise an end user system. But at the same time, most companies dare not shift any of their spending away from fundamental security technologies such as firewalls or AV software. Like it or not, Fish says companies will have to come to terms with additional security expenditures.

Of course, there's been a significant increase of interest in services that deliver security via the cloud to help reduce costs. Fish says that while these new approaches to delivering security will play an important role, IT organizations will have to develop a comprehensive approach to security that spans everything from the latest mobile device to applications running in the cloud. Fish says that will require a hybrid approach involving on-premise software, managed services and cloud computing services.

But as this shift takes place, security spending priorities don't appear to be adjusting accordingly. This may be attributable to a lack of funding or a general sense of fatigue when it comes to security. But in either case, the FishNet survey indicates the security professionals know that the next major security breach is almost inevitable.

Add Comment      Leave a comment on this blog post
Sep 16, 2010 1:07 AM Ashley at Absolute Software Ashley at Absolute Software  says:

The traditional ways of managing, preventing and addressing security are no longer effective.  With a rise in mobile computing and the use of the web for work, companies must develop a security approach that accounts specifically for the threats associated with these newer processes. 

There are ways to manage mobile devices, both the physical device and the data that lives there.  Device management is only one part of what needs to be a much more robust plan.  A multi-layer approach that includes encryption, training, device and data management can help a company to protect its assets from a variety of vulnerabilities.

I work for Absolute Software, and we provide organizations with not only a tool, but the support necessary to proactively manage risk and foster results.  To learn more about business solutions please visit: 

Many thanks,

Ashley, Absolute Software


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.