At the same time, the US Information Security Survey uncovered indications that companies and organizations are failing to provide rigorous protection of customer and client data. The survey, which was conducted over the Web, received responses from more than 2 500 US information technology and security professionals.
"Companies are taking a more structured approach to information security and making it more of a priority," says Alastair MacWillson, partner in charge of Accenture's security practice.
"Many companies are beginning to see the benefits in leveraging new technologies to proactively assess and manage threats and vulnerabilities, and are consolidating, integrating and securing applications to improve integrity and productivity."
Security attacks are constantly evolving, making it difficult for companies to stay one step ahead. For example, malicious intent is a concern for 45% of respondents. Yet few tie their firm's vulnerability to the lack of a well-defined information security strategy or managerial involvement in security practices and policies.
One third of respondents blame budget constraints for their firm's susceptibility to security breaches, but planted spyware code, has caused slowdowns in network performance and employee productivity in three quarters of the companies.
Viruses affected two-thirds of surveyed sites last year and e-mail is proving to be the launching point of assaults, with falsified information in an e-mail attachment reported as the primary method of attack at 35% of surveyed sites.
As a result of the vulnerabilities with instant messaging and e-mail, electronic communication has become a major focus of employee monitoring with attachments and content of outbound messages carefully scrutinized. Basic-user passwords still remain the most prevalent method used by companies to protect themselves against security breaches.
Informing employees of privacy or behavior standards, posting privacy policies online and using secure Web transactions are the steps taken to safeguard the privacy of customer data. In addition, the survey reveals that the monitoring of instant messaging has jumped from 25% to 34% since last year's survey.
A majority of US companies spend below $500 000 on security expenses, with half anticipating increased spending in 2005 over the previous year, and only 3% expecting spending to decline. Performance and return on investment count the most when purchasing security products.
"Despite the fact that information security professionals are adopting many state-of-the-art security practices, certain lapses still exist that can result in serious financial losses for corporations or a violation of customer trust," says Rusty Weston editor, InformationWeek Research.
"Security professionals lack the ability to control every point of entry, but worse, they have too much faith in technology that claims to automate network defenses."
