A survey by Brocade conducted at the RSA Conference 2010 in San Francisco, Calif reveals that 47 percent revealed that their network security solutions are less than 25 percent effective in thwarting security threats. The potential ramifications of these breaches are widespread, considering that more than 1.2 million consumers' personal and confidential information has been exposed due to network security breaches since the beginning of 2009.* While these statistics are startling, they are not surprising. According to Charles Kolodgy, research vice president, IDC Security Products, surveys show that more than 90 percent of enterprises plan to either increase or maintain their spending in IT security in 2010.
Kolodgy continues that, "Data is currency in the information age and protecting those assets is of utmost concern to security professionals, especially in an environment where technical threats continue to evolve and cyber criminals become increasingly sophisticated. Security solutions have to improve to meet these challenges. Enterprises can no longer rely on point security solutions to prevent data loss; instead, they must incorporate security into the network infrastructure for comprehensive coverage on multiple fronts." In terms of a threat or data leakage perspective, 80 percent of those surveyed stated that security policies to address these issues are only being "somewhat enforced." In fact, only 18 percent stated that their security policies are being completely enforced, indicating a disconnect between policy and practice that can lead to security vulnerabilities, non-compliance and increased risk.
While cyber-criminal activity was a topic of discussion in numerous keynote sessions at the conference, 48 percent of those surveyed cited "individuals within their organization providing or selling sensitive information to competitive companies" as their most serious security concern.
Foreign governments ranked a distant second at 15 percent and cyber-criminals ranked third at 10 percent. Only 56 percent felt background checks were effective in determining whether an employee is a potential spy. Unsolicited comments ranged from "a background check is better than nothing" to "it's only part of a complete picture needed."