Top 5 items on IT’s security wishlist

High profile attacks such as the Stuxnet worm and Operation Aurora may generate a lot of headlines, but they aren’t the biggest threats most IT departments are worried about.

Stuxnet, for example, was a widespread worm that attacked Windows PCs — however, its primary goal was disrupting Iran’s uranium enrichment program. Likewise, Operation Aurora had a limited set of targets, which included big-name tech firms such as Google and Symantec.

In other words, they weren’t threats that had a big threat on the average IT department. That fact is reflected in the results of the recent study, “Headlines Versus Reality: Survey Report,” conducted by eEye Digital Security.

Stuxnet and Aurora were each identified as large threats by just 12% of the 1,677 IT managers who responded to the survey. Here’s what those folks are actually concerned about:

  1. 55% identified common malware and spyware as a large threat
  2. 48% are worried about the lack of budgetary help for improving security
  3. 42% are concerned that improper network configurations that could leave their organizations vulnerable
  4. 42% are worried that they’re heavily vulnerable to “zero day” threats, (threats that have yet to be patched or identified by anti-malware programs), and
  5. 41% are worried about their ability to comply with laws and regulations that govern information security.

What do those businesses need to improve their security? When asked how they would use a hypothetical 20% increase in IT security budgets:

  1. 65% of respondents said they would invest in security reporting technology
  2. 63% would invest in patch management systems
  3. 60% would invest in configuration assessment tools
  4. 52% would hire additional security personnel, and
  5. 39% would invest in regulatory compliance reporting.

Unfortunately, for most businesses that budget boost will only be hypothetical for a while — just 21% of IT managers reported getting an increase in their security budgets for 2011.

One thing IT can do to significantly reduce their organization’s vulnerability: Make sure all software is up to date. Sometimes budget problems get in the way of that as well, but even free upgrades (those for web browsers, for example) can go a long way toward protecting the network.

Download eEye’s report here.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy