Analytics
4/27/2009
05:55 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Security Suffers Cuts In Recession, But Fares Better Than The Rest Of IT

Layoffs, cutbacks aren't as painful in security, but they are happening, studies say

Security might still be a haven from the budget ax, but some cracks are definitely appearing around the door, according to several studies published last week at the RSA Conference in San Francisco.

More than 70 percent of IT security professionals said they have been forced to cut their budgets during the past six months to adjust for the economic downturn, according to a report released by (ISC)2, an association of security professionals. Approximately half of the respondents said they have made at least one layoff in the security department.

The data runs counter to several other studies published earlier this year, in which most security professionals had said their spending would hold steady or increase in 2009. "The current economic conditions have had an effect on all professions, including information security," said Lee Kushner, president of LJ Kushner & Associates, a national IT recruiting firm.

The data in the (ISC)2 report is supported by a separate report issued last week by MetroSITE, a security consulting firm. MetroSITE found that 72 percent of companies surveyed expect to make downward revisions of their security budgets during the remainder of the year.

Security vendor Lieberman Software also posted a survey of IT and security pros that indicates 60.7 percent of respondents work at organizations that have reduced their IT budgets in 2009. Some 40 percent of the respondents have reduced staff since January, the report states.

The new studies would appear to poke holes in the notion that IT security is somehow "recession-proof," as some analysts have suggested. But even in the new data, there appears to be reason for optimism.

In the (ISC)2 study, for example, 55 percent of respondents said they do not expect any further security budget cuts for the remainder of the year. Approximately the same percentage of respondents said they do not expect further staffing cuts in 2009.

A study published last week by CA mirrors the optimism of earlier in the year, reporting that 50 percent of IT professionals expect security spending to remain the same, while 42 percent expect an increase. Only 8 percent expect a cut in their budgets, the study says.

"The cost of compliance and the risks associated with data breaches are keeping most companies from cutting back," said Dave Hansen, corporate senior vice president and general manager of CA's security management business, in an interview at RSA.

And while security may not be recession-proof, it remains better off than most other sectors of IT, experts say. "There has been speculation about whether IT security spending would increase or decrease during this recessionary cycle," said Bob West, CEO of Echelon One, a security industry research firm. "Now we can see with some evidence that security budgets seem to fare better than general IT spending."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web