Despite a significant increase in reported security incidents over the past year, a survey released this week by two industry groups reveals a high level of confidence on the part of IT security professionals.
As of the third quarter of 2003, public- and private-sector organisations reported 114,855 incidents to the CERT Coordination Centre at Carnegie Mellon University in Pittsburgh. That's an increase of 40% over last year, according to the survey by the Business Software Alliance (BSA) and the Information Systems Security Association (ISSA).
The survey results indicated that the rise in reported incidents hasn't dampened the confidence of many security administrators, but whether that accurately reflects the views of corporate security personnel is unclear. Of the 1,716 ISSA members surveyed, 70% were from government agencies or IT vendor and services firms; only 30% were from corporate users.
Released the same day that senior officials from the Department of Homeland Security warned the IT industry that unwanted regulation would likely result if the private sector does not take ownership of cybersecurity issues, the independent survey found that three out of four IT security administrators consider their companies prepared to defend against a major cyberattack.
Eighty-seven percent said software patches for known vulnerabilities are up to date at their companies.
In addition, three out of four respondents said recent reports of software vulnerabilities have prompted their companies to strengthen their capabilities to respond to attacks. Seventy-seven percent said they have a formal security program in place, and a whopping 96% of those said their programs have senior management sponsorship and approval.
Robert Holleyman, president of the BSA, said that while the survey shows progress is being made, "enormous challenges" remain, particularly in the areas of employee training and security funding at small and medium-size businesses.