Lots of money has been spent, but IT is still on high security alert. Why do problems persist, and can the service desk teach security teams about the attention to detail needed to lock down IT?

A survey by Infosecurity Europe, the event which runs alongside the Service Desk and IT Support show, indicates the focus on security remains strong, with over half of the respondents stating that budgets to safeguard IT will increase this year, while just eight per cent expect spending to fall.

Given the steady stream of security foul-ups which have been highlighted by the popular press and the high-level of investment IT security during recent years, why do so many problems remain? Here we look at some of the main IT security issues of 2009.

“Mobile users and remote access are still poorly protected against very agile threats”, says Eric Domage, research manager – security products and services, IDC. “We also expect to see an increase in ‘frustration hacking’ when people opportunistically attack their own company because they have been fired or frustrated, these attacks are almost impossible to prevent. Prevention requires security policy, encryption and access control, these are large projects which need to be implemented before a frustration hacking attack takes place and this is one factor that is driving spending on information security”, concludes Domage.

Cyber crime

According to Tamar Beck, group event director, Infosecurity Europe, cyber crime is still a major concern. “The threat from cyber crime has increased significantly in the past 12 months with predictions of the cost of cyber crime reaching hundreds of billions of dollars a year, and our own research found that 90 per cent of organisations expect security breaches to increase in 2009.  There is still a huge requirement to invest in information security which is resulting in robust budgets for it, even if overall IT budgets may remain static or even shrink slightly”.
The need for solid processes and accountability are clearly of huge benefit for IT security, two skill sets found in abundance on the service desk. Whether those with responsibility for IT security are making use of these skills is not clear, perhaps this is something that the service desk should be pushing onto the agenda. What are your experiences in terms of involvement with IT security? Has anyone had success working alongside security teams?

- Infosecurity Europe runs from the 28th – 30th April 2009, in Earls Court, London.