The Obama Administration claims national computer security is one of its highest priorities. As proof, the Administration plans to establish a cybersecurity office in the White House. That office will be headed by a yet-to-be-appointed IT security czar. The President even went as far as to name October Cybersecurity Awareness Month.
Back in boardrooms across America, corporate executives are plenty aware of cybersecurity. Indeed, CEOs, CIOs, and CFOs are well aware that, on the whole, their cyber-networks are anything but secure.
A new survey reveals the extent of these concerns. Half of 1,900 corporate execs polled by Ernst & Young said improving information technology risk management is their top security concern for next year.
That response makes sense when you consider roughly 40 percent of the executives said that external threats to their networks (phishing, website attacks) had increased this year. Even more disturbing: a quarter said there had been a rise in the number of internal network attacks (abuse of IT privileges, theft of data).
Such attacks could become epidemic given the wave of layoffs over the past year or so. Ex-workers pose a serious IT security risk. Angry about losing their jobs, some feel justified in getting back at their ex-bosses. Some have intimate knowledge of company systems. Many know passwords that will give them access to key networks.
Not surprisingly, fully three-fourths of the polled executive said they're bracing for reprisals by former staffers. Whether they have the resources to actually do anything about these sorts of attacks is anybody's guess. About 56 percent of the respondents said the biggest challenge to protecting their corporate networks in 2009 was the lack of resources.
The polled executives said the two primary ways to overcome this problem are outsourcing and hiring more IT staff. Nevertheless, only 20 percent of the respondents plan to hire more in-house resources. Likewise, only 14 percent plan to spend more on outsourcers to help boost network security.
The reason for not hiring outsiders to help beef up IT defenses? Most likely, security concerns.