It seems no matter how many companies make the news because of IT security problemsrecent victims and foul-ups include AOL LLC, AT&T Inc., Sovereign Bancorp Inc., the TJX Companies, UCLA and Verizon Wirelessthe perceived state of security resembles Garrison Keillor's mythical Lake Wobegon, the town "where all the women are strong, all the men are good-looking, and all the children are above average." According to this year's security survey, most IT executives still say their corporate security is strong, risk of a breach is moderate or low, and confidence in their ability to fend off attacks is rising. About 85 percent of our 187 respondents feel certain they can keep their company's money safe from thieves' clutches.
But these assurances seem increasingly naïve as time goes on. Too many organizations still fall prey to database theft. Social networking sites provide new opportunities for downloading tainted files and social engineering gambits. Careless behavior by employees combined with spotty security policies provide plenty of openings for scam artists. New forms of online fraud frequently appear on the scene. A widely reported study by MarkMonitor, an Internet security firm specializing in brand protection, found a rise in "cybersquatting" (using trademarks on illegitimate sites), "clickfraud" (bogus clicks on ads) and "domain kiting" (illicit Web sites with similar names to well-established sites), along with phishing and other scams. The better gauge of how CIOs truly feel about security is spending: IT security budgets are growing, and companies are plunking down cash for a broader range of technologies and services.