Gartner: key to security not more money but better management
By Gary Flood,
Organisations that do not sufficiently protect their customers from loss of data are likely to face increasing financial penalties, analyst firm Gartner has warned.
The cost of a data breach to a company may rise by as much as 20 per cent this year and next, it has predicted.
But other research carried out by Gartner suggests that as much as 90 per cent of attacks designed to screw money out of companies could be avoided without an increase in security expenditure. This can be achieved mainly through better management and monitoring of security vulnerabilities as well as introducing identity and access management features to IT systems.
The problem that security managers face is less from mass external attacks than targeted attacks like phishing and identity-theft based penetration, suggests the company. Investments in intrusion prevention, vulnerability management and network access control have paid off when it comes to beating off the majority of viral and trojan attacks, but it is intrusions based on "legitimate" user identity is now the main threat.
"The biggest attack risk to organisations comes from targeted attacks," said John Pescatore, vice president and distinguished analyst for Gartner. "Being aware of 'inside out' communications and being able to block those as effectively as 'outside in' is becoming increasingly important. Security strategies must reduce the cost of dealing with mass attacks to free up investment and personnel resources to evolve capabilities for dealing with these more-complex targeted attacks."
The key is not spending more money but better management of resource, says Gartner, highlighting the fact that it sees no clear link between organisations that spend the most on security and organisations that are the most secure.
"The key is to identify major technology changes and start taking steps to reduce the cost of dealing with today's mature threats - viruses, worms and denial-of-service attacks - to free up funding and manpower to influence the new systems and business processes that are being built today and that will bring on the next generation of threats," said Pescatore.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Apple iPad 3 vs iPad 2 head-to-head review
- Hutchison denies it will pull plug on Three UK
- EMC World 2012: Tucci declares Documentum is here to stay
- ICO: Fines for cookie law breakers
- EMC World 2012: EMC talks up cloud, security and big data
- Dell PowerEdge R820 review
- Sony Vaio T13 Ultrabook review: First look
- BlackBerry 7 OS certified to carry 'Restricted' UK government information
- Facebook floatation marred by Nasdaq glitch
- CIO: Career is over?
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
