Slow adoption of network security will pose grave threat to sluggish companies

The toughest things to spend money on are those that don’t seem to give you anything in return.

Take car insurance, for example. Every month, a nice whopping wad of cash is deducted from your bank account and transferred to some faceless company that you don’t really know, and that you don’t really want to know. The dough moves from your paltry piggy bank to their copious coffers and you don’t get one smidgen of the satisfaction that you might after buying something like a new set of golf clubs, a book, a CD – heck, even a cup of coffee. You can’t see, smell, taste, hear or hold car insurance, but its cost is considerable, making it one of the most unsavoury things anyone has to buy.

But every month, we continue to shell out for it. Why? Well, in most places it’s illegal not to, which is a prime motivating factor. But even if it was perfectly all right in the eyes of the law to forego buying car insurance, very few of us would choose to drive without it. We have learned, either though personal experience or through hearing unfortunate tales from others, that car accidents happen, and that we must be protected. We will therefore pay what it takes to have that peace of mind.

Up to a point, the situation parallels one of the most potentially disastrous facets of today’s networked business world – namely, network security. The two pictures are the same, it seems, up until the part about shelling out money. When it comes to this all-important element of networking, it’s clear that many firms will have to get burned badly before they realize that security is just as important as car insurance.

A security survey conducted by Network World (U.S.) and Enterprise Management Associates (EMA) in May of last year revealed that 36 per cent of respondents considered their security infrastructure to be inadequate. If 36 per cent of drivers considered their insurance to be inadequate, we’d have some problems out on the roads, and these companies will in all likelihood have some trouble on their network paths in the near future, if they haven’t already.

It must also be remembered that this 36 per cent is only representative of those brave souls who had the courage to respond to the survey and admit that their systems weren’t up to snuff. How many others weren’t so brave?

Other findings indicate that most firms planning to enhance their security setups in the next year plan to do so to counter high-profile threats, such as denial-of-service attacks and viruses. Other equally dangerous but less-trumpeted threats, such as those posed by internal staff members, are further down the priority list. It seems clear that until a company is affected by a certain type of security breach, or until they at least hear a lot about it, not much gets done to prevent it from happening in their organization.

It could be that many firms, at this stage in the development of Internet- and network-based business models, will not be too adversely affected by a security breach. Perhaps their closely guarded corporate secrets still can’t be tapped into electronically, and perhaps their existence isn’t tied to a computer system being available 99.999 per cent of the time.

The businesses that will be amongst the most successful in the future, however, will realize that their operations are becoming more and more network-dependent, and will adopt a proactive approach to security before any major security threats arise. The firms that don’t could end up being as helpless as an uninsured driver in an accident with a police car.