Managing risk: The analyst’s view

Increasing security threats require strong management strategies

A growing range of security threats and potential sources of information leakage mean IT leaders need to ensure their risk management strategies are up to scratch, says Gartner research vice president Jay Heiser.

“I would say the majority of our clients are experiencing acceptable rates of failure associated with traditional security areas – they are not the major issue. But the level of attacks continues to be ratcheted up and the bar continues to be raised,” he says.

“It isn’t so much the traditional virus that is an issue now as stealth malware – that is trying to steal data, most commonly passwords and log-ins. And there are various levels of industrial espionage-ware.”

For Heiser, the seemingly age-old threats of viruses and hacking have been joined by an ever-proliferating number of new menaces, some of which firms have brought on themselves.

Despite speculation and postulation, it is probably still too early to point the finger at social networking as a specific threat to the integrity of corporate processes. But other online information is already posing a risk to business integrity.

“Right now we are taking a good hard look at Google in terms of the amount of information available and what can be done with it by sophisticated attackers able to correlate relatively basic information and make it into something that is much more significant,” he says.

“Innocent things people do – even in their personal lives, if they provide information about their corporate activity – can impact on their company.”

Heiser also advises a keen corporate focus on reputation awareness. “It is imperative that businesses keep an eye on what is being said about them on the web,” he says.

“Ultimately it might be insoluble but certainly you can spend more time monitoring what is said about you on the internet and you can subscribe to services that help you do that.

“Some policies are probably necessary and a growing number of companies are going to have to work out arrangements with their employees around what level and type of blogging is considered appropriate in their spare time.”