Gartner Survey Ranks Viruses and Worms as Top IT Security Threats; IT Departments in Large Organizations See Firewalls, Intrusion Detection and Prevention, and Anti-Virus Software As Priority Defenses

Business Wire, June 15, 2005

STAMFORD, Conn. -- Firewalls, intrusion detection and prevention, and anti-virus software are the high-priority defenses information technology (IT) managers are pursuing this year to combat IT security threats, according to results of a new survey released today by Gartner, Inc.

"Organizations are more concerned about viruses and worms than any other security threat," said Rich Mogull, vice president in Gartner's Information Security and Risk research practice and one of the analysts who directed the survey. "Outside hacking, or cracking, as well as identity theft and phishing also are considered significant issues (see Table 1). Cyber-terrorism was ranked last among the 11 threats listed in the survey."

Phishing is an online fraud that occurs when a cyberthief sends an e-mail with a link to a false Web site where users are asked to provide personal account information.

Table 1

Respondents Rate How Critical Each of the Following Security Threats
is To Their Organization
("1" Means No Concern at All, and a "10" Means Extremely Concerned)

IT Security Threat                                    Rating
------------------------------------------------------------
Viruses and Worms                                       7.6
------------------------------------------------------------
Outside Hacking or Cracking                             7.1
------------------------------------------------------------
Identity Theft and Phishing                             7.0
------------------------------------------------------------
Spyware                                                 6.8
------------------------------------------------------------
Denial of Service                                       6.6
------------------------------------------------------------
Spam                                                    6.3
------------------------------------------------------------
Wireless and Mobile Device Viruses                      6.2
------------------------------------------------------------
Insider Threats                                         6.2
------------------------------------------------------------
Zero Day Threats                                        5.9
------------------------------------------------------------
Social Engineering                                      5.9
------------------------------------------------------------
Cyber-Terrorism                                         5.6
------------------------------------------------------------

Source: Gartner, Inc. (June 2005)

Conducted in May 2005, the survey included responses from 133 North American organizations with global operations and revenues exceeding $750 million. Six of 10 surveys were completed by IT managers, with 91 percent overall answered by employees in IT departments.

Half of the survey participants said they increased IT security spending this year and expected to do so again in 2006. Seven of 10 said they considered the systems and processes of the IT unit in which they work more secure than a year ago, mainly because better security controls now are in place.

More than one-third of the respondents said the need to comply with new regulatory requirements, such as those mandated in the United States by the Sarbanes-Oxley Act, was the largest factor in determining spending priorities on IT security.

In addition to firewalls, intrusion detection and prevention, and anti-virus defenses, other spending priorities in IT security include patch management, strong user authentication, remote access, vulnerability assessment, user provisioning or identity management, security event correlation and reporting, spam filtering and web-site filtering or blocking.

More than half the respondents said they preferred buying 'best-of-breed' products from multiple technology providers. Multi-vendor suites integrated under a common framework were preferred by more than one-third of the survey participants.

The survey participants work in organizations with a mean average of nearly 2,300 worldwide IT employees and a mean average of $207.4 million in worldwide IT budget.

Highlights of the survey results were presented at Gartner's 11th annual IT Security Summit last week in Washington D.C. The conference included a record attendance of approximately 1,700 IT professionals, a 15 percent increase from attendance at the 2004 conference. The number of sponsors rose 14 percent to 121 companies. Additional information on the Summit is available at www.gartner.com/us/itsecurity, with news coverage and related commentary on several Summit sessions posted under the "News Center" tab.

Gartner IT Security Innovation Award

At the conference, Lehman Brothers, the global financial services firm, was named first recipient of the Gartner IT Security Innovation Award. Lehman Brothers was recognized for its success in eliminating rogue user accounts and sharply reducing the time and expense of administering more than 400,000 system-user accounts. Moreover, the time required to completely add or remove user access was reduced to minutes from days. The Lehman Brothers project was based on an innovative deployment of Thor Technologies' Xellerate Identity and Access Management product.