
Fear leads to spending - though not always the right approach
By Tony Hallett
Published: 15 July 2003 06:21 GMT
Despite a realisation across organisations that cyber-security should be a top priority, a large portion of users feel inadequately protected, and humans - rather than technology - continue to be the weakest link.
Many analysts now recommend security budgets of 3-5 per cent of operational expenditure, and in some cases organisations are nearing this level, but "lack of budget" is considered a reason for corporate angst.
That's according to Ernst & Young's sixth annual global information security survey, which has also found around a third of organisations rate their ability to tell if their information systems are under attack as 'inadequate' or 'only marginal'.
Jan Babiak, managing partner at Ernst & Young's UK Information Security Practice, told silicon.com: "Organisations shouldn't necessarily be spending more [than 3-5 per cent] but they should be spending it better, spending it on the right things."
Common corporate oversights include little monitoring of partners' business continuity plans, a lack of understanding of what insurance policies cover for breach-related damage, and insufficient privacy compliance processes.
However, many companies are still focused too much on software-related security. E&Y's Babiak said physical barrier breaking, such as poor building security or keystroke-capturing 'dongles' placed between keyboards and PCs, could be at least as dangerous.
Poor staffing procedures - for example, not running background checks while hiring - are also a threat.
Babiak added: "Getting people security right is harder. There can often be a vulnerability at a very low level."
E&Y polled senior IT business executives at 1,400 companies around the world.
Copyright © 2008 CBS Interactive Limited. All rights reserved.