Scarce Resources Versus Rising Risks
By Bob Violino | Posted 2009-01-30
Threats to data and network security increase during tough times, even as scarce resources make companies more vulnerable to attack.
Many organizations will be working with limited security resources. Gartner, in a report released in January, says IT spending budgets will be essentially flat this year, with a planned increase of 0.16 percent. A worldwide survey of 1,527 CIOs conducted by the firm from September to December 2008 found flat IT budgets across enterprises in North America and Europe, and 21 percent of the executives reported a cut in IT budgets.
Roger Fye, vice president of IT at Dial Global, a Valencia, Calif., independent radio network owned by Triton Media, says his business is facing an increasing number of malware and other security threats. And he’s fighting them with a smaller staff and a shrinking budget. “We have seen an evolution in the types of threats, from e-mail-borne to the Web, and an increase of sophistication with regard to what they are and where they come from,” Fye says. “Facebook, MySpace, compromised Web sites and phishing schemes are all portals for these new types of attacks.”
Dial Global deals with the threats by using a layered security approach that combines several technologies: perimeter defenses such as firewalls, and anti-malware software from ESET that protects desktops and servers against viruses and other malware.
“We all respond to email alerts generated by our anti-malware system, and subsequently educate the user as to how these infections occur,” Fye says. “Educating users as to the nature of these threats goes a long way to preventing them.”
Fye has a two-rule system for dealing with email threats. If a user receives an email with an attachment or link from a person he doesn't know, he’s to delete the message. If the user receives an email with an attachment or link from a person he does know but wasn’t expecting to hear from, he’s to delete it. “You can always follow up with that person to see if they actually sent you something and they can resend,” he says. “I know it seems rather basic and somewhat harsh, but if followed, these rules will save a lot of time cleaning up infected systems.”
In addition to the layered security approach and educating users about email-based threats and how they can help to avoid them, Fye says it’s important for IT and security managers to stay informed about the current threats.
Washington State Employees Credit Union (WSECU) in Olympia, Wash., is also trying to provide robust security with tight funds. “Anyone who is not affected by shrinking budgets [is] certainly in an industry that has completely been protected from the economic status we are all facing,” says Tony Hildesheim, vice president of IT at WSECU. “The issue is that there is not budget for acquiring new or updated tools that further protect the environment. Additionally, tighter budgets force companies into limiting the scope of projects and sometimes that includes security or backup.”
Hildesheim says WSECU is fortunate in that it has already expended monies on tools to support security. The credit union has also gone to its security vendors to ask for steep discounts on products and services.
“As you look at the economics, companies often believe the value of their service and/or product is not impacted by the value of [consumer] or other durable goods,” Hildesheim says. “That is simply not a realistic view and we are asking for a re-valuation of the services.”
And in this economy, Hildesheim says, being keenly aware of and validating the effectiveness and true cost benefit of the products that security vendors are offering is especially important.