While more and more companies are conscious of the need to secure their data and computer systems from attack, many still remain out of touch with the dangers such attacks present, according to experts on a security panel held here during the recent Comdex 2003 Global Technology Marketplace.
According to Christian Byrnes, vice president and service director for the Stamford, Conn.-based META Group, 5 years ago, only 20% of his companys client base was “well secured.” Today, he said, that figure is 40%, with another 20% investing and growing their security programs.
The remaining 40% of META clients, however, “have not woken up yet” to the need for security, Byrnes said.
He asserted that “30% of security is technology,” such as monitoring software but that the remainder rests on human factors and accurate risk assessment. As a result, companies need to focus on establishing security policies, creating processes to protect the most valuable assets and acquiring the technology necessary to protect critical assets.
“Sixty to 70% of organizations worldwide are doing the wrong things security-wise,” he stated. He noted that companies are looking to automate security processes but not paying enough attention to human factors and attitudes. “Your worst enemy is a CIO who doesnt understand that security is a necessary investment,” he said.
However, according to Ben Golub, senior vice president, security, payments and managed security services for Mountain View, Calif.-based VeriSign, attacks on computer systems nearly doubled last year despite $12.6 billion being spent on security. VeriSign is a provider of digital commerce and communication products and services.