Corporations eye up security threats

Cutting costs by freezing or reducing IT security budgets is a risky approach, even in tight economic times, warns a leading security expert.

Sarah Gordon, senior research fellow at vendor Symantec's Security Response team in the US, said there is a certain level of funding needed to maintain the level of education and security CTOs (chief technology officers) and administrators require to keep systems secure.

Gordon believes that IT professionals need to take a holistic approach to managing security risks. "Security is not a static target that you can acquire," Gordon warns. "It has to be worked into corporations like a golden thread -- beginning with the infrastructure design, and extending all the way through the delivery of products."

This year, Gordon has seen blended threats and worms to have been a huge issue facing chief information officers and IT departments. She said that IT departments need to be continually vigilant, and to make sure that they get information quickly as new threats emerge.

She thinks that blended threats will continue to grow in importance as an emerging threat, and also expects to see a renewed focus on issues like due diligence and adherence to standards.

"Today, more than ever, protecting computers is of paramount importance. As we become more and more interconnected, what affects one of us has the potential to affect all of us," she said. "We need to grow in our sense of responsibility, and continually assess how what we do has the potential to affect others."

"The reasons for hacking continue to be thrill, curiosity, a sense of power, corporate gain, and various forms of criminal intent," Gordon said. "The people who do it continue to be as varied as the reasons."

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.