Despite few actual cases where the CIO or anyone within the IT
ranks is fired because of a security breach, a new survey from King
Research has found that 73% of the 256 IT workers polled are very
concerned they will lose their job in the event of a
security breach. More than half of the respondents were from
medium-sized companies.
 | | | | | They've done everything they knew
to do, but they don't have time to keep up.
Rick Harrison
MIS DirectorCity of Columbia,
Tenn. |
| | | | | |
| |
|
"IT professionals are not confident with their present security
measures," said Rob Meinhardt, CEO of
KACE Networks Inc., the Mountain View,
Calif.-based systems management appliance firm that commissioned
the survey.
About 65% of the respondents admit to not taking all the steps
they should, the survey found. "So they're vulnerable," Meinhardt
said. "They're not taking the next steps to protect their own
jobs."
But the guys on the front lines aren't as empowered as they
should be either, say experts, particularly in medium-sized
companies where IT workers tend to be generalists. When you take a
generalist and expect them to handle a complex problem with a
complex tool, something is going to fall through the cracks.
"These guys aren't security experts," Meinhardt said.
The 246 participants polled represented a wide range of IT
functions, including hands-on professionals, team managers and
business owners, with many participants indicating they had
multiple roles within their organization.
Experts say the CIO is often the first executive to be called to
task for any IT security violation, despite the fact that problems
with security generally involve a number of departments. But the
problem at many companies is executives don't know whom to blame
because they haven't assigned responsibility for risk, experts
say.
"In the midmarket world I would imagine that fear among the rank
and file would exist -- that seems logical -- whether it's your
only job or one of eight things you do, someone is responsible for
keeping data security," said Jack Phillips, managing partner of the
Institute for Applied Network Security in Boston.
Still, he said, he believes that everyone, for one reason or
another, feels insecure about his or her job and what most will
discover is that if the ax falls it won't necessarily be because of
anything they did wrong. More often than not, it will be a "classic
case of peeling back the onion until you get to the kernel," he
said. In the event of a breach, "a lot of folks get implicated and
then are vindicated when it's discovered that it wasn't really
their fault. The focus of attention goes elsewhere." Bottom line:
No one should lose sleep over this.
The anxiety on the part of IT workers really boils down to a
lack of training and knowledge, said Rick Harrison, MIS Director
for the City of Columbia, Tenn., located 45 miles south of
Nashville. Population: 38,000.
"They've done everything they knew to do, but they don't have
time to keep up," he said.
Moreover, while 87% of IT organizations are confident in their
ability to deal with viruses, spam, spyware and malware, only 35%
feel they are equipped to deal with lost corporate or personal
data.
Lack of sleep could also be fueling their paranoia. Eighty percent
admitted to being forced to work evenings, weekends, or late nights
to deal with security.
"You [make sure you] do your due diligence. But you can only go
so far," said Harrison, who claims not to lose sleep over security.
"I truly believe [that if there is] a hacker [intent on getting
into your system] he'll get in regardless, and it will not be the
fault of your IT department."
Plus, mistakes can happen, he said, and added the powers that be
have to be reasonable and "allow a certain amount of room for being
human."
Let us know what you think about the story; email:
Kate Evans-Correia, News
Director