Security pros: Our defenses need work

Though most corporate security professionals see network protection as critical, they have only made modest gains in securing their companies, according to a report published Monday.

The Internet Security Alliance's survey of 227 information security professionals worldwide found that nearly 88 percent of participants believed that protecting their business information was essential to their company's survival. But only 56 percent are prepared for cyberterrorism and information threats, up 20 percent since the Sept. 11 attacks.

"There is a perception that we are dealing with hackers out there who need an intellectual challenge, but there are now organized threats," warned David McCurdy, a former seven-term Oklahoma congressman who is now executive director of the ISAlliance. "Senior management has said that this is an important topic, but there hasn't been follow-up."

With this report, the industry organization echoes the findings of the Business Software Alliance (BSA), which previously cited warnings about the dangers of corporate cyberattacks in a survey of information technology professionals.

More than 93 percent of security professionals said their company planned to increase the resources allocated to safeguarding their information in the current year. However, on average only about a third said they had improved their security since the Sept. 11 attacks.

At least one security professional questioned the findings of the survey: specifically, that 70 percent of participants thought that their company had adequately protected itself against hacking threats.

"I look at that number and I am dumbfounded," said Peter Lindstrom, director of security strategies for the Hurwitz Group, an analyst firm. "I'm thinking to myself, at least 30 percent were honest. The other 70 percent were either lying to the survey, lying to themselves or completely disingenuous."

Lindstrom said that the complexity of completely securing a network makes even attaining "adequate" security difficult.

"It's hard to believe anyone would step up and say that, given the history of security," he said.