
Security Breach Severity Worsens, Study Finds

The number of reported security breaches is down, yet the average severity of breaches has doubled, according to a new study.

The Computing Technology Industry Association (CompTIA) study, based on data collected from more than 1,000 IT professionals, revealed that 34 percent of organizations reported a major security breach in 2006, down from 38 percent in 2005 and 58 percent in 2004.

But respondents rated the average severity of breaches as 4.8 (with 10 being most severe), up from between 2.3 and 2.6 in previous years. That might not be surprising given the number of headline-grabbing breaches, such as the TJX breach in which tens of millions of credit and debit card numbers were stolen.

IT professionals reported increasing their spending on security technology, training and certifications. The amount of their IT budgets dedicated to security totaled 20 percent in 2006, an increase from 15 percent in 2005 and 12 percent in 2004. More than two-thirds (68 percent) of organizations allocate at least some portion of their IT budget to training or certification, an increase from 55 percent the year before. Security training or certification accounted for 12 percent of the total budget, compared with 8 percent in 2005. And 78 percent of those surveyed said management now considers information security a top priority.

"We are making real progress at reducing the number of breaches, but the threats are becoming more sophisticated," says Brian McCarthy, COO of CompTIA.

More than half (55 percent) of IT professionals surveyed reported spyware as a top security concern, followed by lack of user awareness (54 percent). Nearly half said viruses and worms continue to pose a threat, while about 44 percent cited abuse by authorized users as a key security challenge. Human error was reported as the cause of a security breach by 42 percent of organizations, compared with 59 percent in 2005. Other security challenges include browser-based attacks (41 percent), remote access (40 percent), wireless networking security (39 percent) and lack of enforcement of security policy (36 percent).

"Compared to last year, more than half of all organizations report that security threats associated with the use of handheld devices, spyware, voice over IP, wireless networking and remote/mobile access have increased significantly over the previous 12 months," the report reads.

CompTIA says security policies and training can help prevent organizations from falling victim to attacks. Of those polled, 62 percent said their organization has written IT security policies in place, compared with 47 percent two years ago. Of those who have a written security policy, 81 percent said the policy includes specific information on how to secure remote and mobile employees.

The average cost of a security breach in 2006 was US$369,388; CompTIA estimates the average cost savings of providing IT security training to staff could be $352,000. CompTIA also estimates IT organizations can save $656,000 by having IT employees with security certifications.
