Server platforms Toolkit

Is it boom time for IT security?

John McCormick Tech Republic

Published: 24 Feb 2003 11:50 GMT

Several interesting reports have recently been published that look at how administrators will need to approach IT security over the next few years, as well as how they should handle their jobs if they want to advance.

Aberdeen findings and predictions

First, Boston-based Aberdeen Group (whose recent report on CERT listings of Linux vulnerabilities caused such a stir) has published a platform-neutral report titled 2003 Predictions for Security and Privacy. The report contains the company's view of the most important trends in the area.

Highlights of the report include the prediction that identity theft costs will triple from the estimated 2002 figure of $8.75 billion to $24 billion this year. That includes all costs, including those to victims and the financial institutions involved. It's dismaying that most of the prosecutions and investigations we hear about are still focused on copyright protection and such.

The number of reported security incidents has climbed from about 50,000 in 2001 to double that in 2002. Aberdeen draws the obvious conclusion that this figure will probably double again in 2003, which would result in more than 200,000 incidents reported by the end of this year.

A more questionable statistic is the number of unreported security incidents that Aberdeen sees as "climbing from 4.1 million in 2001 and 7.9 million in 2002, to 15.9 million in 2003." This may be accurate since obviously many incidents, even critical ones, go unreported, but Aberdeen hasn't included any information about how or why it made this estimate.

Easier to understand is the prediction that companies will continue to dump first-generation intrusion detection systems that report so many false positives that they have proven to be practically useless in many environments. Aberdeen says that these old pattern-matching monitors will be ditched as more and more companies realize that supporting them is a waste of resources.

It also predicts that spam will almost double in volume from 2002 before the end of 2003, and it's difficult to argue with that prediction. Unfortunately, Aberdeen Group also sees government preparation for cybersecurity not advancing beyond the planning stages in 2003.

Cybersecurity market growth trends

International Data Corp (IDC), a division of Framingham, MA-based International Data Group (IDG), has released Big Picture: IT Security Products and Services Forecast and Analysis, 2002-2006." The consulting firm's 16-page report (which costs $2,500) centres on a prediction for cybersecurity market growth, saying that it will grow from the $17 billion spent in 2001 to $45 billion in 2006. The largest growth is in security-related hardware.

Another IDC report says that Asia-Pacific region companies typically spend between 8 and 14 percent of their IT budgets on security and that the spending will jump to 9 to 17 percent in 2003. There is a growing concern over the impact of viruses, and companies are expected to move beyond firewall and antivirus software to deploying more VPNs.