THE IT THREAT LANDSCAPE IS CONSTANTLY
changing, yet many security departments can’t align
their spending with the most dangerous threats—the
ones that keep technology and security managers
awake at night. Why is that?
To find the answer, Baseline commissioned Ziff Davis Enterprise
Research to survey the security community. The 2008 Security Survey
revealed that most security gurus are not spending their budgets on the
risks that most concern them. (See charts on the following pages.)
We examined the survey results and consulted with experts to find
out why—after all this time, money and effort—security teams are still
struggling to keep up with today’s biggest risks. The overwhelming
evidence points to the fact that even though many are aware of these
threats, they’re still clinging to yesterday’s security products.
For at least two years now, security experts have been going on
ad nauseam about the “de-perimeterization” of the enterprise network.
“A number of years ago, we let the IT guys build the firewall and worry
about the security of the network,” says Eddie Zeitler, executive
director of (ISC)2, the security education organization responsible for
CISSP accreditations. “Now, because the perimeter is so open, the first
thing we talk about is the data and how to protect it.”