Most Companies Waste Millions On Poor Security
By Ara C. Trembly
While millions of dollars are spent each year to keep critical business data secure, “in most companies, that money is being wasted; theres no ROI,” according to one consultant firm.
“Ten years ago, security was pretty good. We didnt have viruses like today, and computers werent connected much, but the world has changed,” said Chuck Porter, managing partner, technology infrastructure services, for New York-based Accenture. “Today, most businesses and employees are connected to the Internet. Viruses are something you just have to be there to catch.”
Porters remarks came in a presentation at the LOMA Systems Forum held here earlier this month.
Todays companies face many security challenges, both technical and organizational, Porter explained. “Some of the challenge is financial; companies are tired of investing in [security].”
Execution [of security programs] is also a challenge,” he added. “How many of us would honestly say we are executing our security operations with much diligence? I would suspect very few.”
Most companies, said Porter, dont keep their firewall or antivirus software up to date with the latest versions, updates and patches.
According to Porter, increasing connectivity and collaboration among workers via the Internet will require increased security for the insurance industry. Under federal regulations, he added, “you can go to jail if you fail on the accuracy and integrity of your information. For CIOs, the stakes just got higher.
“Security,” he continued, “is about preventing intruders from getting to your information assets.” Todays technology enables customers and business partners to gain access to our systems in a way that makes it easier to do business, he noted.
The problem, however, is that “increasingly, you have to grant access to people who are not your employees to do this,” said Porter. Thus, security becomes a balancing act between preventing something bad and enabling something good.
In 2000, Porter did an assessment of his own companys security programs and found them to be behind the curve. “The report card was not good,” he noted, with many areas of security receiving Cs, Ds and Fs. “If we didnt fix this, we were going to be on the front page of the Wall Street Journal with publicity we didnt want.