Canadian companies are more confident in their security decisions, according to a recent study conducted by Branham Group Inc., but the topic is still at the forefront of respondents’ minds, with over half of those surveyed ranking security as one of their top five corporate priorities.
The survey, which was conducted by Branham Group on behalf of Symantec Canada, was released during a CIO Canada Frankly Speaking breakfast seminar earlier this month. CIO Canada is published by IT World Canada, as is ComputerWorld Canada.
For the second consecutive year unauthorized access and viruses made the list of the top three security concerns. Unlike last year’s survey, which had hackers rounding out its top concerns, the 2004 survey showed that along with unauthorized access and viruses, enterprises today are more concerned about identity theft.
Recent numbers released by outsourcing services company EDS Corp. indicate that although identity theft may sound like an odd security concern for enterprises to have, it is a growing problem.
Perpetrators are stealing business identities to find and take private information from customers in order to defraud an organization. Last year was the worst year for identity theft, according to EDS, and 2004 is shaping up to be even worse.
Although the Branham Group’s survey indicated that companies are still putting funds into IT security, Andrew Bisson, director of planning and market analysis at the firm, said it is a much smaller amount than last year because companies are now in a period of re-evaluation.
Instead of implementing new security measures, enterprises are evaluating how well the technology they are currently using is working and what, if any, new technologies they should be looking at for the future, he added. Also revealed in the survey was the fact that the majority of enterprise IT security issues are dealt with internally — a revelation that concerns Michael Murphy, general manager for Symantec Canada.
When it comes to security, there are no winners or losers, Murphy explained. Because security is a complex issue, enterprises need to come to the realization that it isn’t something they should do on their own. Companies shouldn’t feel like they can’t outsource the managing or monitoring of their security networks, he added.
Also of concern to Murphy: companies listed adding antivirus software as one of the top security measures they hope to implement by 2005. According to Murphy, this isn’t necessarily the right route to take. Instead, integrating early warning solutions — which was low on the list — could be the measure that helps organizations the most. Having information ahead of the threat would be a key area where a company could lower its cost of responding to attacks.
He also warned that antivirus technology by itself is no longer sufficient to deal with the threats of tomorrow. Firewalls and intrusion detection systems need to be implemented along with antivirus capabilities to create an umbrella of security management, he added.
There are a couple of easy things all employees within an organization can do to help stop security breaches or assist in the recovery and response time after an attack, according to Murphy.
Primarily, it is important that workers understand that spam is, for the most part, “self-inflicted.” To reduce unwanted e-mails, Murphy said employees need to set up a second or third e-mail account and use that address when prompted to enter an e-mail contact.