In a recent worldwide study by CIO Magazine and PWC concerning their risks, thousands of security leaders are fanning the flames over so many breaches and so little insight.
The survey asked about next year's 2006 top priorities or To-Do List:
1. Business Crisis and Continuity Management
2. Employee Training and Awareness programs
3. Data Backup
4. Overall Information Security Strategy
5. Network Firewalls
The good news is that the budgets are finally rising in light of increased theft of intellectual property and identities along with other major information crimes. Budgets in 2005 are now 13% of the IT budget. Consolidation and compliance are issues to be managed however these have bogged down strategic initiatives for the future.
Even after spending in the billions, incidents are still rising and these are the sources of the attacks:
59% - Malicious code
26% - Unknown
25% - Unauthorized entry
21% - Denial-of-service
And what is the most enlightening or discouraging statistic from this group is the answer to the question: When an incident does occur as a result of an attack, who do you tell?
No One - 55%
Customers - 16%
Partners/suppliers - 14%
Is there some correlation between the 26% unknown sources of attacks and the 55% of the incidents where no one is told about it.