Security continues to be the number one IT Priority for UK tech professionals despite claims from vendors that the war against hackers and malware writers is being won, according to research conducted by ZDNet UK and analyst company Butler Group.
The UK IT Priorities survey released on Tuesday reveals that despite advances made in security technology, there has been little or no reduction in the time IT professionals are spending trying to protect their business systems from attack.
According to Butler Group, which authored the report using information collected by ZDNet UK, there has been a clear lack of progress when it comes to the development of security countermeasures across the industry.
"For some time there have been claims that the war is being won, and yet there is no reduction in the time and resource that IT professionals must devote to the campaign," the report states.
Identity management and authentication were also identified as of increasing importance to companies' security strategies according to Butler Group. The analyst claims that there is currently a huge driver for identity management as organisations have to manage increasing numbers of user identities – especially if employees and customers are accessing systems via the Web.
"Authentication and identity management…should be included as part of a security strategy, as these pose some of the greatest risks from unauthorised access to company systems if they are not managed effectively," the report states.
Toolkits of the latest information on security and the other issues highlighted in the report can be found here
Aside from concerns around security, the report also revealed that:
- Application Development: Two-thirds of respondents see rich Internet applications as the future due to the advantages they offer in terms of end-user productivity and increased competitive advantage. For all the latest news, reviews and features on Application Development go to Builder UK, ZDNet UK's development centre.
- Networking and Communications: The research showed that investment in networking and communications is being driven by the need for mobile access to networks. Butler Group claims that to maximise benefits from these investments, UK companies need to go beyond the basics and align their investment with wider business strategies.
- Server Hardware: Virtualisation, blade servers and server consolidation were identified as the key techniques for improving the efficiency and utilisation rates of IT infrastructure. But despite these advances Butler Group claims that companies are being slow to implement wide-scale virtualisation projects.
- Desktop Software: The survey showed that increased end-user productivity is driving 51 percent of respondents to invest in office productivity applications. But Butler Group claims that companies are failing to provide adequate training for their employees on the relevant software, meaning that they are not reaping the maximum benefit from their investments.
You can download a full copy of the UK IT Priorities Survey here.
For more information on the IT Priorities programme, go to the IT Priorities homepage.
For more information on Butler Group click here.
Talkback
Security Vendors are stretched in three critical areas:
1. Conventional Malware Research is failing to cope with the volume of malcode. This is because so much of today's cyber attacks are utilising personalised executables. In some cases an attack will morph each occurence of its payload. One AV company recently shared with me that they issued more signatures in 2005 than in the previous 10 years combined. Security Vendor's research teams and technologies are already stretched beyond their design limits. Security Vendors must evolve new, automated detection techniques quickly to stand any chance of regaining control.
2. Today's end-point products lack enough self protection, and industrial strength clean-up capabilities to prevent disablement by powerful targeted malware which employs the latest persistence technologies such as Winlogon/Notify and Kernel Rootkits.
3. Since inception Security Products have been focused on protection against known attacks. Host Intrusion Prevention technologies have shown promise but most implementations have been softened to avoid the management and disruption costs that false positives have inflicted on the user experience. Many products now need Security Consultants to configure these technologies to achieve a compromise between protection and user disruption.
Security Products must monitor all software activity. Only then can we tell which systems were infected and when. Today's UTM approaches are very poor with 90% focus on known threats. The balance needs to shift towards finding new threats through end-point telemetry and automated malware detection, analysis and determination.
I think what is happening at the moment in the IT industry is right! We need to take security as a serious matter right at the begining. If someone out there says he spends more time thinking about/ deciding on security measures or what type of authentication measures he needs to put up in his company or application, well, I would say he is sensible.
IT Security is a prime concern for financial institutions; how would they account for loss in terms of currency. There is a lot of loss happening in the form of phishing attacks or authentication problems.
With the increase in technology and technology being widely available to the world; there would always be serious concerns over implementing security strategies at the right places, more importantly in the right time.
No offence meant but, what use is business and business strategies without protecting yourself first. Jus' wondering how is it a stalemate? Why do we not see it as a measure to protect future distress.
End of the Day- It is the people in the IT Security dept of the company who gets the blame for not acting fast. And when they act, we headline it stalemate.
I appriciate and thank "ZDNet" for giving me this oppurtunity to speak out. I always follow ZDNet to track the latest news in Internet Security.