Evidence of increased acceptance of managed security services has been revealed in data released today by Symantec Corp, which suggests that three out of every four European organisations now outsources some aspect of their IT security function.
Symantec surveyed 1,000 IT security managers in mid to large enterprises in the US and Europe in January 2009 about their IT security challenges. “They told us they think that cyber security is becoming a bigger concern for them, and that they expect that the level of attack activity will increase and threats will get greater” said Jim Hart, a security engineer at Symantec.
The survey makes a distinction between ‘threats’ or theoretical risk and actual events or ‘attacks.’ Organisations are finding cyber risk and actual attacks have risen in the last two years and will continue to do so in the next two years, the company said.
“With our global visibility of the threat landscape we are in a good position to see that malware has increased by 500% since 2007,” Hart said. More organisations have experienced botnots, SQL injections, drive by attacks and the like, and they are starting to understand the size of the problems they can cause. Many are struggling to stay ahead of the risks, he added.
In Europe, 98% reported tangible loses stemming from cyber attacks, either through downtime, or cyber fraud and theft of information such as credit card information. “It’s getting harder for them to address the situation because the level of sophistication is on the rise” Hart added.
Symantec claimed that staffing problems are a particular challenge as organisations find it difficult to find qualified people with the right skills, and/or lack the budget to hire sufficient staff. Four in every ten European organisations reported that when it comes to IT security staffing they feel that they are understaffed.
Another 47% told the security services vendor that they believed their budget was inadequate for them to maintain internal security, and meet what has become an increased burden of regulatory demands.
“It is therefore not surprising that 77% of European organisations are involved in some manner with outsourcing some or all of their IT security” said Symantec.
Hart said that there was more emphasis on managed security service providers like Symantec to fill that role by providing new and often no-cost features that supported customers with their compliance obligations. These include systems that store logs and event reports in a compliant manner, and audit trails that can be used to demonstrate to auditors how attacks have been identified and contained.
On the development of the market segment, Hart confirmed that data leakage protection would also lend itself as a security discipline that could be provisioned as an outsourced managed service.
