IT Security Staffing Decreases Despite Growing Threat Landscape

MBA (8/26/2008 ) Palaparty, Vijay
More than 10 million “zombie” computers sent spam and malware during the second quarter alone, according to Panda Security, Glendale, Calif. Regardless of increasing threats, Computer Economics, Irvine, Calif., says the number of IT security professionals in organizations has steadily declined.
The Panda Security report defined “zombie” computers as systems affected by bots, controlled remotely by cyber criminals. It revealed that 74 percent of all email received between April and June was spam.

“This is not just annoying for users who have to delete all of this mail, but in corporate environments, it has important repercussions on productivity and resource consumption,” said Luis Corrons, technical director at PandaLabs.

Last year, Nucleus Research Inc., Wellesley, Mass., said the spam epidemic costs U.S. businesses $712 per employee in lost worker productivity.

The report said Turkey had the most zombie computers, comprising 11 percent of the global total. Brazil ranked second at 8.4 percent, followed by Russia at 7.4 percent. The United States accounted for 4.3 percent, ranking ninth, dropping from 5 percent during the first quarter.

“The percentage of IT employees dedicated to security in any given IT organization is relatively small—only 1.5 percent of the typical IT staff, and has been declining,” said John Longwell, director of research at Computer Economics.

Security as a percentage of IT staff was 2 percent in 2006. The report added that the decline was not a result of staff growth in other areas.

Jay Meadows, CEO of Rapid Reporting, Fort Worth, Texas, said IT security needs in the mortgage banking industry have evolved over the past 10 years. “Many companies are deploying systems that already have a lot of security measures built into them,” he said. “But technology is created in an environment for possible intrusion. There has been a tremendous reduction in mortgage staff nationwide, and while the reduction in security has been significantly smaller, security measures can ultimately be the demise of a company and should not be taken lightly.

“Security begins at the top,” Longwell said. “A commitment from executive management is required to create a culture of security that ensures procedures are enforced, audits are taken seriously and investments are made in personnel, training, services and technology. That commitment undoubtedly has more bearing on security than staffing levels.”

Meadows urged lenders to be vigilant not only about their own security measures, but also of their vendors. “If a lender is doing business with a vendor that is not as secure as it is, then by association the lender is increasing its fraud risk," he said. "Ultimately the highest burden of risk falls on the lender and not the vendor that may cause damage. As cost-cutting measures prevail, lenders should keep in mind that if a vendor’s price seems low, they may secretly be skimping on security, which is expensive to uphold.”