Financially motivated data breaches are set to cost businesses 20% more each year until 2009, according to Gartner.
John Pescatore, VP at Gartner, said the biggest risk to organisations came from targeted attacks. He said that “phishing and identity theft attacks have caused the rise of ‘credentialled’ attacks, in which the attacker uses the credentials of a legitimate user”.
Malicious software attacks allowed internal executables to be used to forward information to an external attacker, Pescatore warned. “Being aware of ‘inside out’ communications and being able to block those as effectively as ‘outside in’ is becoming increasingly important,” he said.
It was important to make sure that security strategies reduced the cost of dealing with mass attacks, Gartner advised, in order to free up budgets for the next generation of security attacks.
The analyst group reckons the average business is spending more than 5% of its IT budget on security, and another 7% on disaster recovery.
But it said 90% of targeted attacks could be avoided without an increase in firms’ security budgets, and said the investments that enterprises had made in intrusion prevention, vulnerability management and network access control had largely paid off.
At the same time, however, it warned that there was currently little or no correlation between the organisations that spent the most on security and those that were most protected.
It said the most effective way to increase the efficiency of security spending was to avoid vulnerabilities by ensuring that security was a top requirement for every new application, process and product. It was also important to establish security metrics to measure spending efficiency, it added.