Batten Down The Security HatchesBatten Down The Security Hatches

It's a reality of doing business. Whether it's a computer virus that an unsuspecting employee triggers or a denial-of-service attack successfully executed, security incidents happen.

Computer crime will grow by an estimated 230% this year, based on projections by Computer Economics, a research firm that analyzes IT security and related costs. Computer viruses are expected to increase by 22% during the same time frame.

Yet it's difficult to know the full extent to which security incidents affect business operations. The potential for negative publicity, a decline in stock value, and the loss of customer confidence stop many companies from coming forward. In fact, only about 20% of computer security violations are reported, Computer Economics says.

In spite of companies' reluctance to disclose security breaches and the frequency of attacks, an examination of IT priorities in information Research's Evolving IT Priorities: 2Q 2002 report shows how seriously companies are taking the protection of their information and systems.

Two-thirds of 300 business-technology executives interviewed in the study report that their companies are planning to invest in intrusion-detection software this year. The rollout of intrusion-detection software is evident across businesses of all revenue sizes.

But companies will need to look beyond external threats to ensure the well-being of their operations.

The approximately 2,200 U.S. companies that participated in information Research's 2001 Global Information Security Survey indicate just how diverse the sources of security violations can be. Half suspect that computer hackers are behind security breaches at their companies. One third of respondents attribute security incidents to unauthorized employees, while a quarter cite authorized staff members as the culprits.

One in five companies point an accusing finger at former employees. Accusations are also leveled against customers, suppliers, and contracted service providers; customers are most often suspected.

For security measures to be effective, business-technology executives need to champion not just intrusion-detection software but security procedures that are comprehensive enough to monitor internal as well as external threats.

What is your company doing to ensure that the information its knowledge workers are using remains safe? Let us know at the address below.

Helen D'Antoni
Research Manager
[email protected]

Designs For Detection
Texans might be staunch supporters of the philosophy that bigger is better, but large companies have to go the extra mile to protect themselves against security breaches, especially if a company is in the public eye. According to information Research's Evolving IT Priorities: 2Q 2002 report, larger companies--businesses with annual revenue of $1 billion or more--are rolling out intrusion-detection software more often than smaller ones.

While almost three in four of the study's 100 large companies are planning to invest in intrusion-detection software this year, two-thirds of the study's 100 midsize companies and only slightly more than half of 100 small businesses interviewed plan to do so.