You are not done investing in security

Companies will continue to spend on security during the next three years, according to a recent report from IDC (a sister company to CIO’s publisher). While many IT sectors expect lackluster growth, the security segment is forecast to grow at a compound annual growth rate of 25 percent from 2001 to 2006.

IDC senior research analyst Brian Burke says that attacks on corporate computer systems, both wired and wireless, will continue to become more sophisticated and will target multiple network vulnerabilities. “More viral and harder-to-detect blended threats or hybrid worms – viruses that build upon previous viruses – will become increasingly more common,” Burke says. He suggests that companies continually work to identify vulnerabilities.

Best practices

Subscribe to a security service for patches. As the new old saying goes, “Security is only as good as its last update,” says IDC’s Brian Burke. Protect your network from known vulnerabilities, such as those found by the most recent virus, SQL Slammer, by signing up for automatic patch updates or alerts. “Even three days is too long a time to go without updating your antivirus software,” Burke adds.

Enforce security policy. Burke cautions that a number of industries such as health care and finance are legally bound by HIPAA and other regulations to protect customer privacy. “Having a security policy isn’t enough,” Burke says. “Companies must enforce their policy and ensure that employees are adhering to it.”

Filter spam. Burke recommends that CIOs take spam seriously. “Spam is no longer just a nuisance. It takes up valuable network bandwidth and is a conduit for viruses,” he says.