Organizations slow to staunch security threats

Opinion
May 31, 20052 mins

* The third-annual CompTIA Study on IT Security and the Workforce

Companies say IT security is a priority, but few are backing that up with the appropriate level of education and prevention. That’s one of the findings of a recent survey from the Computing Technology Industry Association (CompTIA).

The third-annual CompTIA Study on IT Security and the Workforce is based on responses from 489 IT professionals in government, IT, financial and education sectors. According to the results, nearly 40% of organizations experienced a major IT security breach within the last six months. A major breach is defined as one that causes real harm, results in the loss of confidential information or interrupts business. This is unchanged from the period of 2002 through 2004.

Human error, either alone or in combination with technical malfunction, was to blame for four out of every five security breaches. That figure is consistent with last year’s results.

“Security assurance continues to depend on human actions and knowledge as much, if not more so, than it does on technological advances,“ CompTIA COO Brian McCarthy says. “Organizations are relying on the Internet more than ever before, making the storage and housing of personal account information and proprietary data even more vulnerable to identity theft and data corruption. This is especially true for large organizations with multiple points of vulnerability and thousands of employees.”

The survey identifies areas where organizations are coming up short in security awareness and preparedness:

* More than half of the organizations surveyed don’t have written IT security policies.

* One half of the organizations have no plans to implement security awareness training for employees outside the IT department, nor have they considered.

* About two-thirds of organizations have no plans to hire IT security pros in the next year.

* Only 27% of organizations require IT security training and 12% require certification. However, 89% of those groups surveyed believe that IT security breaches have been reduced as a result of IT security training and certification. 

“To be truly effective in preventing and combating security threats, organizations need to take further steps by spreading security awareness and knowledge from a select group of IT staff to larger portions of their employee base,“ McCarthy recommends.