IT Dogged by Security Issues, Studies Find

Software security continues to trouble IT pros, who often have to do more with less in the current recession, according to two industry-sponsored studies.

A leading attack vector seems to be Web sites, and IT pros who've had their organizations' Web sites attacked aren't alone, according to a study by software security firm WhiteHat. Eighty-two percent of Web sites have had a "high, critical or urgent issue" since the Web site's inception, according to the study, "Web site Security Statistic Report: Spring 2009."

Moreover, the troubles haven't disappeared with time. Sixty-three percent of the Web sites that WhiteHat canvassed currently have a "high, critical or urgent issue." Of the 17,000-plus security vulnerabilities identified, a little more than 7,000 remain unfixed.

The report doesn't describe the specific attacks in detail, although it does list the top ten vulnerabilities. Cross-site scripting tops the list, followed by information leakage and content spoofing, among others. The report collected data between January 1, 2006 and March 31 of this year.

"One of the biggest takeaways from this report is that not all vulnerabilities are created equal, but many are very serious," said Jeremiah Grossman, WhiteHat's founder and chief technology officer for security, in an e-mailed statement. The vulnerabilities can cause serious damage by providing a means for releasing sensitive information, he added.

The attackers are out there, but are IT pros ready to do battle from the home front? Another study, commissioned by VanDyke Software, examined attitudes among IT personnel about the security of their shops, even as IT budgets are getting cut this year.

The study, "What Keeps Network Administrators Up at Night," polled 320 network and systems administrators. More than 41 percent had a decrease in security-related expenditures at their organizations, and only 22 percent saw an increase. These 2009 findings represent a reversal of the spending trend seen in 2008.

Forty-six percent of network and systems administrators "feel that their organization has not budgeted sufficiently to support current information security needs," according to the report.

"What we saw was a measurable split between those who were sleeping like babies and those who are really concerned that not enough attention is being paid to securing the system," said Jeff Van Dyke, founder of VanDyke Software.

The IT administrators in the report who had "trouble sleeping," according to Van Dyke, specifically saw challenges in managing enterprise users, as well as concerns about the security of laptops and handheld devices.

"Organizations that have automated and monitored security operations can get more bang for their buck," Van Dyke added. "But there's no substitute for vigilance about what's going on and the ability to deal with multifaceted security problems in the face of not only budgetary constraints but a demonstrated lack of commitment at some companies when it comes to security."

About the Author

Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.
