Gartner Says That Through 2005, 20 Percent of Enterprises Will Experience a Serious Internet Security Incident

Aug. 1, 2003
STAMFORD, Conn.--(BUSINESS WIRE)--With more than 600 million individuals worldwide now on the Internet, cybercriminals are taking advantage of users,

STAMFORD, Conn.--(BUSINESS WIRE)--With more than 600 million individuals worldwide now on the Internet, cybercriminals are taking advantage of users, enterprises and unsecured systems to usher in a new era of high-profit, low-overhead crimes, according to Gartner, Inc. (NYSE: IT and ITB).

Gartner analysts said that through 2005, 20 percent of enterprises will experience a serious (beyond virus) Internet security incident. These crimes are targeting information and intellectual property. While the majority of enterprises will not face such an attack, companies must still take the proper precautions. Being a victim of one of these security incidents could be much more costly for enterprises if they don't protect themselves.

"It takes only one unsecured machine on a network to create potential risk for everyone else," said Richard Hunter, vice president and Gartner Fellow. "The risks and the costs of defenses are high, and the trend is moving both upward."

Gartner's assessment is that, at its highest level within the enterprise, information security's top vulnerabilities are:

-- Fundamentally insecure commercial software

-- An inadequate patch update model

-- Misguided users who believe crime happens to "someone else"

While companies try to address those security issues, a number of new technologies will add to their challenges. Web services will produce discontinuities in new application security. Unsecured wireless LANs represent a serious point of potential failure for enterprise networks, and instant messaging is creating worrisome holes.

"As enterprises turn their collective attention away from tactical security issues stemming from homeland security initiatives and back to infrastructure security, they will witness an evolution from after-the-fact improvements to more secure and thus more expensive products," said Victor S. Wheatman, managing vice president for Gartner.

Gartner's new report, "Securing the Enterprise: The Latest Strategies and Technologies for Building a Safe Architecture," describes ways in which IS and security organizations can monitor risks, assess defenses and create more secure enterprises. The report features 16 fact- and advice-filled chapters, an appendix about firewalls, a glossary of terms and 115 figures, including six "Magic Quadrant" vendor evaluations and five Hype Cycles.

Important topics addressed in the Security Executive Report include:

-- Gartner's "Cyber-Threat" Hype Cycle, which details the progression of a number of important cyber-threats

-- The role of government in fighting cybercrime

-- How to build and manage a computer incident response team

-- The most important issues and strategies for IT security management

-- Business continuity and disaster recovery management

-- The importance of implementing wireless and mobile security measures

The Gartner security report (ISBN 0-9741571-2-0) is priced at $1,295. The 250-page security report is an offering from the new Gartner Executive Report Library, a five-set series from Gartner Press that provides buyers with comprehensive printed reports on topics of critical interest to today's business and IT executives.

For information about purchasing the report or others in the Executive Report Library, visit www.gartner.com/executivereports. Other Gartner Executive Reports available for purchase cover the following topics: customer relationship management; Web services and middleware; outsourcing; and asset management.

Further in-depth analysis on security issues is available to subscribers of the Gartner IT Security Directors Membership Program. This powerful tool is designed to help those charged with ensuring optimal security for their business and IT infrastructures achieve their goals, and also help them to manage costs. The Gartner IT Security Directors Membership Program provides market analysis, decision support tools, on-site workshops, newsletters, bulletins, and access to analysts via a Web portal designed specifically to address the growing issues and concerns of IT security directors. For more information on Gartner's IT Security Directors Membership Program, visit www.gartner.com/pages/story.php.id.3436.s.8.jsp or call Gartner at 203-316-1233.

Gartner, Inc. is a research and advisory firm that helps more than 10,000 clients leverage technology to achieve business success.