News

IT Professionals Fear Losing Jobs Over Security Breach

A recent study commissioned by systems management and deployment appliance maker KACE found that the majority of IT professionals working in "Fortune 100,000" or mid-sized companies" (defined as those companies with 100 to 100,000 employees) fear they could lose their job in the event of a security breach at their company.

The remainder of the study shows they have good reason to be concerned. One reason: inconsistent security strategies. Though 81 percent of respondents said they perform patch management as part of their strategy, only 35 percent include end-node vulnerability scanning, "and that's an important component of security," KACE CEO Rob Meinhardt told Enterprise Systems in an interview.

Though nearly all have installed anti-virus software and more than 80 percent use anti-spyware software, fewer than half use firewalls or automated desktop configuration, a statistic that has Meinhardt particularly concerned.

"It's good that enterprises have installed anti-virus software, but it doesn't end there," he said. "How do you know that it hasn't been disabled, that virus definitions are up-to-date, or that settings haven't been changed? Unless you're checking desktop and laptop configurations, you have a large hole in your security strategy and you're exposed. It's at the end nodes where you should look for succeptbility."

The research, which reflects the answers of 256 respondents -- including hands-on professionals, team managers and business owners, with many participants claiming multiple roles within their organization -- was commissioned by KACE to understand how IT professionals combine systems and security management, to identify the types of management tools companies use, and to assess "security readiness."

"IT departments around the globe are working endlessly to combat and minimize security issues," said Diane Hagglund of King Research. "But interestingly enough, most IT professionals from the mid-market sector in particular feel quite ill-prepared when it comes to systems and security management, and most don't include end-node vulnerability scanning as part of their ongoing practice, which could be a very costly mistake."

Among the other major findings of the study:

  • Of those personally responsible for IT security, 62 percent report that responsibility affects them in a personal way.

  • Nearly 87 percent of IT organizations are confident in their ability to deal with "traditional" security problems (including viruses, spam, spyware and malware), but only 35 percent feel they can deal with lost or stolen equipment containing corporate or personal data. "That means they don't have effective backup/recovery or business continuity features in place," Meinhardt observed.

  • Respondents say they are using six disparate user interfaces (on average) for systems and security management, "which creates challenges in learning and using the tools effectively," participants reported, according to KACE. Increased efficiency ranked highest (at 69 percent) among the benefits of a consolidated interface. Other benefits cited include ease of use, greater quality of service (as a result of faster resolution times), consistency and decreased costs.

  • Security professionals know theirs can be a round-the-clock job; the survey noted that 87 percent of IT professionals must work evenings, weekends or late nights.

The importance of the user interface shouldn't be ignored by vendors: "61 percent of all participants from mid-market companies who had five or more product interfaces for systems and security management reported that they have made a product purchase specifically to minimize the number of product interfaces their staff was required to use."

"The results are in and they prove that IT professionals from Fortune 100,000 companies are not confident with their present security measures, and are taking the stress home with them to their personal lives," Meinhardt said. "The discomfort these professionals are feeling about their security measures is actually an opportunity for us."

KACE makes a family of appliances, named KBOX, to address these problems.

The full report is available at software.dell.com/documents.

About the Author

James E. Powell is the former editorial director of Enterprise Strategies (esj.com).

Featured