Analytics
4/27/2009
05:55 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Security Suffers Cuts In Recession, But Fares Better Than The Rest Of IT

Layoffs, cutbacks aren't as painful in security, but they are happening, studies say

Security might still be a haven from the budget ax, but some cracks are definitely appearing around the door, according to several studies published last week at the RSA Conference in San Francisco.

More than 70 percent of IT security professionals said they have been forced to cut their budgets during the past six months to adjust for the economic downturn, according to a report released by (ISC)2, an association of security professionals. Approximately half of the respondents said they have made at least one layoff in the security department.

The data runs counter to several other studies published earlier this year, in which most security professionals had said their spending would hold steady or increase in 2009. "The current economic conditions have had an effect on all professions, including information security," said Lee Kushner, president of LJ Kushner & Associates, a national IT recruiting firm.

The data in the (ISC)2 report is supported by a separate report issued last week by MetroSITE, a security consulting firm. MetroSITE found that 72 percent of companies surveyed expect to make downward revisions of their security budgets during the remainder of the year.

Security vendor Lieberman Software also posted a survey of IT and security pros that indicates 60.7 percent of respondents work at organizations that have reduced their IT budgets in 2009. Some 40 percent of the respondents have reduced staff since January, the report states.

The new studies would appear to poke holes in the notion that IT security is somehow "recession-proof," as some analysts have suggested. But even in the new data, there appears to be reason for optimism.

In the (ISC)2 study, for example, 55 percent of respondents said they do not expect any further security budget cuts for the remainder of the year. Approximately the same percentage of respondents said they do not expect further staffing cuts in 2009.

A study published last week by CA mirrors the optimism of earlier in the year, reporting that 50 percent of IT professionals expect security spending to remain the same, while 42 percent expect an increase. Only 8 percent expect a cut in their budgets, the study says.

"The cost of compliance and the risks associated with data breaches are keeping most companies from cutting back," said Dave Hansen, corporate senior vice president and general manager of CA's security management business, in an interview at RSA.

And while security may not be recession-proof, it remains better off than most other sectors of IT, experts say. "There has been speculation about whether IT security spending would increase or decrease during this recessionary cycle," said Bob West, CEO of Echelon One, a security industry research firm. "Now we can see with some evidence that security budgets seem to fare better than general IT spending."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web