IT Security: An Overconfidence Problem?

Network security threats seem to be everywhere, but system administrators believe their companies aren't at greater risk than in the past. This potentially false sense of security was expressed by nearly 90 percent of the more than 2,100 companies surveyed as part of the InformationWeek 2006 Global Security Study. So where is the bravado coming from at a time when security researchers are warning us that risk has never been greater as cyber criminals cash in on malware's profit potential?

At first I thought maybe the surveyed companies misunderstood the question, but last year nearly as many (84 percent) believed they were at no greater risk than in the previous year. I think much of this self-assurance may be coming from the fact that businesses are generally more aware of security and actively engaged in putting both technology and practices in place to mitigate risks. Perhaps system administrators are simply impressed with the sophistication of the security tools available to them.

But whatever the reason for the self-assuredness, I think in this case confidence is definitely misplaced and potentially dangerous, as companies can easily be lulled into a false sense of security. Ignorance is definitely not bliss.

This isn't to say companies are disregarding security. However, I am afraid too many system administrators may be reacting to high-profile incidents and known issues such as data privacy rather than looking ahead to figure out what threats are on the horizon. With security, an ounce of prevention is worth a pound of cure.