ISS reports vulnerability rise

More hacks mean more security sales

Computer security specialist Internet Security Systems (ISS) has reported an increase in security threats - and an upturn in business for the channel as a result.

In its latest Risk Impact Summary Report, ISS reported a 65 per cent increase in security threats compared with the same period last year. The report also found that the number of new vulnerabilities grew by 8.5 per cent.

Spending on security with resellers and distributors is rising fast as companies recognise the growing threat to IT systems.

"There's been a big increase in security-related contracts over the last year," said David Ellis, director of e-security at internet technology solutions firm, Unipalm.

"The Data Protection Act, increasing computer virus threats and high-profile porn scandals have all played a part.

"Increasingly directors are personally liable for serious problems and that has put the issue high on the agenda. Resellers can scour the market for the best solutions and provide impartial advice," he said.

This overview service is one of the unique selling points for distributors and resellers. Because they are not tied to using a particular product, they can often make the best recommendations. Different software houses are better at producing different products, and the 'one-size-fits-all' approach seldom works.

Whereas in the past security was seen as just another function of the IT department, there is a move towards making it a board issue, in many cases with a chief security officer being appointed to oversee the process.

Getting appropriate training is also an issue. While many software vendors run their own training programs, until recently there had been no independent measure.

However, in the past two years, non-profit organisation ISC2 has been offering a qualification for security specialists.

"Security is in the position that IT was 20 years ago," said Jim Wade, executive director of ISC2 and a former head of security at the US Federal Reserve.

"The function tends to be run by an IT specialist with knowledge but there are no institutionalised standards.

"There's also no after-training - as part of our qualification even if you pass you have to undertake an additional 120 hours training over the next three years to make sure your skills are really up to date," Wade said.