Security professionals have a better handle on malware, but for another year it is the top priority.
Recent survey results revealed some unsettling, but unsurprising, news: Spam traffic rose 60 percent in recent months, Microsoft is thwarting more zero-day threats, and the cost of a data breach increased 31 percent in 2006 to an average of $182 per compromised record. Meanwhile, we have our own bad news: Our research shows that insider threats are a top concern for 2007.
Every year we survey our readers to get a sense of your key priorities for the coming year. Now that most of you have perimeter defenses in place, this year's survey reveals that many of you are worried about the trusted insider and the information that could be leaked to thieves or competitors. The recent indictment of a former UBS Paine Webber employee who brought down the company's trading network before the stock market opened for the day is a tale of what can happen when a disgruntled employee wants to damage an organization. This story went public, but every CISO has a story of a malicious employee. For more on what your peers think, see "Protect What's Precious".
Another key finding from the survey is that malware is a never-ending concern. While security professionals say they have a better handle on it, it is still top-of-mind. Indeed, 57 percent of respondents ranked decreasing/preventing viruses and worms as their top priority, followed by 55 percent of respondents who cited preventing spyware as their top concern. To help further fortify your defenses, check out "Don't Just Kick the Tires"; it explains new technologies from four startups--Ixia, Spirent Communications, Mu Security and Karalon--that take vulnerability scanners and exploitation engines to a new level.
Meanwhile, AT&T senior vice president and CSO Edward Amoroso says carriers can also help in the fight against malware. Since AT&T controls about a quarter of the Internet's traffic, it could put a dent in malicious activity. There's a catch, though: CIOs don't want to give up that control, says Amoroso. For more on this, see NewSCAN. Ideologically, others believe the carriers bear some of the responsibility for blocking traffic in light of the ever-growing botnet problem. Trend Micro CTO of Internet content security Dave Rand says there are currently 70 million compromised computers that are collectively used as botnets. And the proliferation of botnets is leading to an increase in spam.
So, is it time for holiday cheer or fear? On a positive note, 64 percent of readers said their security budget will grow in 2007. More dollars mean more security initiatives. And security professionals will get closer to their organizations' executive ranks because they will be working on more strategic and regulatory initiatives next year, according to our survey.
And until then, we at Information Security wish you a safe and happy holiday season.