Analysts at international research firm Gartner say that through 2005, 20% of enterprises will experience a serious Internet security incident targeting information and intellectual property.
While the majority of enterprises will not face such an attack, companies must still take the proper precautions, says Gartner. Being a victim of one of these security incidents could be much more costly for enterprises if they don`t protect themselves.
"It takes only one unsecured machine on a network to create potential risk for everyone else," says Victor Wheatman, Gartner managing VP. "The risks and the costs of defences are high, and the trend is moving upward."
Gartner`s assessment is that, at its highest level within the enterprise, information security`s top vulnerabilities are: fundamentally insecure commercial software, an inadequate patch update model, and misguided users who believe crime happens to "someone else".
The firm says that while companies try to address those security issues, a number of new technologies will add to their challenges. Web services will produce discontinuities in new application security. Unsecured wireless LANs represent a serious point of potential failure for enterprise networks, and instant messaging is creating worrisome holes.
"As enterprises turn their collective attention away from tactical security issues stemming from homeland security initiatives and back to infrastructure security, they will witness an evolution from after-the-fact improvements to more secure and thus more expensive products," Wheatman says.
Gartner`s new report, "Securing the Enterprise: The Latest Strategies and Technologies for Building a Safe Architecture", describes ways in which information security and security organisations can monitor risks, assess defences and create more secure enterprises.
Topics addressed in the report include Gartner`s "Cyber-Threat" Hype Cycle, which details the progression of a number of important cyber-threats, the role of government in fighting cybercrime, how to build and manage a computer incident response team, the most important issues and strategies for IT security management business continuity and disaster recovery management, and the importance of implementing wireless and mobile security measures.
Share
