24 Apr 2002
Conflict between the usability and security of business applications is one of the biggest issues that companies face.
The Department of Trade and Industry's biennial survey of information security breaches, published at InfoSecurity this week, painted a picture now familiar to enterprise network managers. Threats have increased while IT budgets have been squeezed.
But Chris Potter, partner at PricewaterhouseCoopers' global risk management division and co-author of the report, said the principal cause was a lack of communication between business managers and IT staff. "It's rare to find a company where the IT staff understand directors' concerns and vice versa."
He said there was often a culture of misunderstanding between internal application developers and those charged with securing data. "There's a difference of perspective. Developers are driven to ensure their systems work, and a lot of vulnerabilities we discover are now in the application layer."
This lack of communication could create serious problems as top-tier hackers become bored of targeting commonplace systems. "Usually hacker activity goes for the path of least resistance. But there is an element that appreciates a challenge, and they will target systems that interest them," warned Potter.
Former Communications Management Association chairman David Harrington said the communication gap is very real and growing. "IT security can't be touched, therefore everything about it except its cost remains dubious."
As the number of business functions that need good security has rocketed, the number of people with the required skills to protect them has plummeted.
Potter urged businesses to rely on experience. "Those with theoretical knowledge but little practical experience may present an added danger," he said.
The speed of growth in e-business has left some staff in its wake, Potter said. "Not all security managers brought up in a mainframe environment have made a full transition to the browser-based environment."
Jay Hunter, manager at Andersen's risk management group, said the pace of change cast doubt on the value of investment. "An infrastructure design from six months ago looks weaker today."
Most businesses' prime security concern was hackers, but large businesses put current staff second on their hit list. "Inappropriate use of email and web browsing has increased," the report stated.