Forwarded from: William Knowles <wkat_private>

http://www.computerworld.com/securitytopics/security/story/0,10801,81261,00.html

By JAIKUMAR VIJAYAN
MAY 15, 2003
Computerworld

As the director of global security at Hewitt Associates LLC, Dan Josephites is taking a multifaceted approach to bolstering defenses at his company, which is the nation's largest human resources outsourcer.

Firewall, antivirus and other intrusion-detection technologies are a key part of the strategy. But Hewitt is also shoring up its internal networks, performing network and application-level penetration testing, and working with developers to ensure secure code on all Web-facing applications.

"We are spending more on security, there's no two ways about it," Josephites said.

Hewitt isn't alone. A new study released this week, by the Orange, Calif.-based AFCOM's Data Center Institute, shows that information security has become a major priority for the nation's largest data centers in the face of constant terror alerts, tensions in Iraq and proliferating cyberthreats.

The study, conducted earlier this year among 257 data center managers, showed that nearly 50% of the companies surveyed said they had increased security budgets by 5% to 15% in the past year. While a majority of organizations are still spending less than 10% of their IT budgets on security, about 17% allocated between 9% and 20% of their budgets for it.

AFCOM's survey results are nearly identical to the results of a worldwide survey of 500 financial services companies being released next week by Deloitte Touche Tohmatsu. The Deloitte survey shows that despite the economic downturn, most companies have maintained or increased security budgets and boosted IT security staffing levels.

The budget increases come at a time when a growing number of companies face external and internal cyberattacks, said Jill Eckhaus, president of AFCOM.

"The most surprising thing in my mind was that almost 30% of the companies surveyed did have a breach of security last year," she said.

In the financial services sector, 40% of the respondents to the Deloitte survey reported breaches in the past year -- with most of them coming from external sources.

Growing concerns about cyberattacks have made "the approval process for security spending somewhat easier," Josephites said. "It is very, very difficult to 'ROI' security, but my management understands that it is the cost of doing business these days."

"I'm not having any trouble getting money for [corporate] security," said David Krauthamer, director of IS at Advanced Fibre Communications Inc., a Petaluma, Calif.-based manufacturer of telecommunications equipment.

Proliferating virtual private network access and an increase in the number of workers accessing the corporate network from outside have made remote access a major security concern for the company, he said. If there is a challenge, it would be to get the funding needed to guarantee that home networks are properly secured, he said.

"Most of the money is spent on making the corporate network a fortress," he said.

The need to have a more proactive security posture has driven up security spending, said Kevin Ott, vice president of technology at Terra Nova Trading LLC, a financial services firm in Chicago.

Apart from having to stay on top of the growing number of hacker threats, Terra Nova is, for instance, also having to respond to customer demand for instant messaging support on the company's network. That means investing in technologies to secure and archive such communications -- measures the company has already invested in for internal IM use.

Despite the increased security spending, only about 5% of the respondents in the Deloitte survey claimed to be extremely confident about their ability to withstand attacks.

"The lack of confidence in a company's ability to respond to internal and external attacks was surprising," said Ted DeZabala, a partner with Deloitte's security services group.

This archive was generated by hypermail 2b30 : Fri May 16 2003 - 03:50:41 PDT