Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

High-Tech Firms Fall Short on Security

They might talk the security talk, but most tech companies are overconfident and underprepared, Deloitte study says

Feb 06, 2008 | 04:00 AM

By Tim Wilson
DarkReading

You'd think they'd be ahead of the curve, given their lines of business. But many technology, media, and telecommunications companies are not eating their own security dog food, according to a study published earlier today.

According to the study, conducted by Deloitte & Touche, some 46 percent of high-tech companies surveyed do not have a formal information security strategy in place. Despite this lack of strategy, however, 69 percent report they are "very confident" or "extremely confident" about their organization’s effectiveness at tackling external security challenges.

This confidence is surprising, given the rest of the survey results. Just 7 percent of high-tech companies believe they are prepared for future security threats. In the past year, only 5 percent of the respondents had increased their security investment by 15 percent or more.

Only 38 percent of companies believe their organizations have all the skills and capabilities they need to respond effectively and efficiently to security challenges. Just 56 percent feel confident in their company's ability to handle employee misconduct and insider threats. Some 38 percent said they don't believe security is an imperative at the executive or board level, Deloitte said.

"The technology, media & entertainment and telecommunications industries are still in a reactive mode when it comes to their approach to security," said Rena Mears, Deloitte global and U.S. privacy and data protection leader.

— Tim Wilson, Site Editor, Dark Reading

  • Deloitte & Touche USA LLP


    • Subscribe to RSS










    Bugs
    ENTERPRISE VULNERABILITIES
    Vulnerability:suse linux
    Published:2010-01-22
    Severity:High
    Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
    Vulnerability:bind
    Published:2010-01-22
    Severity:Medium
    Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.


    Briefing Centers
    POWERFUL INFORMATION
    AT YOUR FINGERTIPS
    (SPONSORED LINKS)