Almost 30 per cent of current spend on IT security in Europe is either misplaced or wasted on ad hoc purchases, according to new research.
Analyst IDC has predicted that the £1.26bn European companies racked up on security in 2000 will soar to £4.34bn in 2005.
But security firm MIS Corporate Defence Solutions said that the 2005 forecast could be closer to £6.23bn if companies fail to stop and take stock of exactly what they are receiving from their security suppliers.
Research from MIS found that "many security suppliers are taking advantage of their unquestioning clients by advising them to spend more money on security than is necessary".
An average of 200 website breaches every day in the UK over the last six months would shock even the most cautious finance director into believing that they need to spend thousands more on securing their business, especially when the average cost of such a breach has been estimated at £16,000.
Couple this with a skills shortage of around 35 per cent in the security industry and you have corporates being overwhelmed by security providers throwing a lot of technology at end users' problems.
But MIS reckons there are cost saving avenues to be considered and recommends the following top 10 tips:
- Have an audit or penetration test carried out by an independent company to find security holes before purchasing any tools. This avoids the purchasing of tools for problems you do not have.
- Know your requirements. Ecommerce sites have different security requirements to information-based sites. Lower your costs by implementing security at the concept stage rather than when your project is in full swing.
- Use a third-party supplier which will concentrate on recommending tools and services to secure your mission critical/high business impact security issues.
- Reconfigure your network before purchasing tools. A bad supplier would recommend purchasing a separate firewall for every connection you have, but rationalising the number of internet connections, and directing all traffic through one point of entry, will only require one properly configured firewall. Analyst Datamonitor has warned that 80 per cent of firewalls fail because of poor configuration and lack of advice from the supplier.
- Write a bespoke security policy and use products configured in line with your policy to enforce it, rather than the other way around. This will save you from making costly last minute panic purchases.
- Consider centralising security management via experienced managed services. These can lower costs in some companies by up to 96 per cent.
- If you have the in-house expertise, purchase a modular set-up from the same vendor. Bundle prices are often available and may involve only one support contract.
- Standardise on security device platforms such as Nokia. NT is not a security platform. If you do not commence with a secure platform, you will find yourself constantly spending budget trying to secure it.
- Maintain the infrastructure integrity with constant reviews, patches, and virus and vulnerability signature updates. This improves the odds of staying ahead of the hackers.
- Do not use BS7799/ISO7799 as a 'must apply manual' as it is only a guideline and is not specific enough for individual companies. Attempting to achieve this status is time consuming and extremely costly.