Identity theft prevention is security spending focus
Enterprises expect to focus IT security spending on identity theft prevention says survey from IDC and Dimension Data
Identity theft prevention is the top spending priority for enterprises, according to new research from Dimension Data and IDC.
Organisation expect their largest security IT expenditure to be in identity theft and abuse prevention solutions, followed by spending to prevent external threats, unintentional privacy breaches, remote access abuse and spam.
The global survey of over 400 companies with 500 or more employees found that organisations felt they would most likely have to deal with PC theft or loss (54%), spam attack (45%), misuse or hacking (45%), and spying tools (45%) as the most likely security incidents, while external threats (52%), internal intentional misuse (49%), remote access abuse (47%), identity theft (47%), and virus attack (43%) would be the most damaging security incidents.
The survey results raised the issue of companies approaching security on a threat-by-threat basis, according to Dimension Data, and not taking a more holistic view and implementing five major types of security control to secure their organisation.
Dimension Data's global general manager, security solutions, Neil Campbell commented: "We are concerned that the surveyed organisations are tackling threats reactively, on an ad hoc basis, and without putting some basic security controls in place. In our experience, it really doesn't matter how sophisticated point solutions are. If organisations haven't implemented the five major categories of security control - firewall, intrusion prevention, system security, web content security, and email content security - then they're focusing on 20% of the risk, but leaving themselves exposed to the other 80%."
"Once an organisation has built its foundation, it can add other industry or organisation specific security measures when and if required. These five form the security ecosystem that will dictate the technology selection process in other areas of security. In building the foundation organisations will consider issues such as throughput, redundancy, centralised policy management and reporting, log management, alerting, interoperability and support," said Campbell.
"Given that each new security technology should make the whole greater than the sum of the parts, these decisions will allow organisations to rapidly focus in on appropriate technologies to extend their ecosystem. Without the foundation in place, there would be a need to start from scratch with each new technology that's added and that's costly, inefficient, and incredibly risky," he added.
"Identity theft is definitely one of the most serious threats organisations in the Middle East face. Implementing a firewall, intrusion prevention, system security, web content security, and email content security have become a necessity. Companies are definitely spending more on security solutions, which prevent identity theft among others," comments Mechelle Buys du Plessis, the strategic account manager at Dimension Data.