Over half the respondents surveyed by the RSA Conference said their top security concern was budgetary constraints.
Over half of the IT security executives and professionals had a common complaint when asked by an IT security conference what security issues are immediately affecting them. Their response: less money in a time of rising threats.
The survey conducted by the RSA Conference found that 57 percent of IT managers said the biggest security challenge they face is budgetary constraints as organizations go lean in a down economy.
Yet tight budgets come at a time when over half the IT managers found an increase in Web-based malware attacks and nearly three out of four noticed an increase in e-mail malware and phishing attacks.
Money is so tight for some organizations that despite an overwhelming majority of IT security executives noticing an increase in e-mail-based malware and phishing attacks, 8 percent will have to do away with the necessary technology investments to defend against the threat.
“It is very disconcerting to see that while the trends and the experience of security professionals point to web and email-borne malware as the biggest threat, companies are cutting messaging and web security budgets,” said Andreas Antonopoulos, senior vice president and founding partner at Nemertes Research.
Another top security concern for these top professionals was the loss and theft of employee mobile devices like the iPhone and the Blackberry. Nevertheless, 15 percent will reduce their organization's spending in mobile security and wireless security.
Antonopoulos said too many organizations spend too many resources trying to prevent spectacular attacks while allowing their defenses against more mundane and costly threats like malware and phishing to wither.
'Security controls should be driven by risk/reward calculations that soberly evaluate the impact on the business, rather than sensationalist media reports," he said.
Security professionals know where the true threats lie, said Antonopoulos, but repeating an industry truism, noted security professionals have a hard time quantifying the threat and explaining it to senior management.
Logo by momentimedia/Flickr