IT Dogged by Security Issues, Studies Find

Software security continues to trouble IT pros, who often have to do more with less in the current recession, according to two industry-sponsored studies.

A leading attack vector seems to be Web sites, and IT pros who've had their organizations' Web sites attacked aren't alone, according to a study by software security firm WhiteHat. Eighty-two percent of Web sites have had a "high, critical or urgent issue" since the Web site's inception, according to the study, "Web site Security Statistic Report: Spring 2009."

Moreover, the troubles haven't disappeared with time. Sixty-three percent of the Web sites that WhiteHat canvassed currently have a "high, critical or urgent issue." Of the 17,000-plus security vulnerabilities identified, a little more than 7,000 remain unfixed.

The report doesn't describe the specific attacks in detail, although it does list the top ten vulnerabilities. Cross-site scripting tops the list, followed by information leakage and content spoofing, among others. The report collected data between January 1, 2006 and March 31 of this year.

"One of the biggest takeaways from this report is that not all vulnerabilities are created equal, but many are very serious," said Jeremiah Grossman, WhiteHat's founder and chief technology officer for security, in an e-mailed statement. The vulnerabilities can cause serious damage by providing a means for releasing sensitive information, he added.

The attackers are out there, but are IT pros ready to do battle from the home front? Another study, commissioned by VanDyke Software, examined attitudes among IT personnel about the security of their shops, even as IT budgets are getting cut this year.

The study, "What Keeps Network Administrators Up at Night," polled 320 network and systems administrators. More than 41 percent had a decrease in security-related expenditures at their organizations, and only 22 percent saw an increase. These 2009 findings represent a reversal of the spending trend seen in 2008.

Forty-six percent of network and systems administrators "feel that their organization has not budgeted sufficiently to support current information security needs," according to the report.

"What we saw was a measurable split between those who were sleeping like babies and those who are really concerned that not enough attention is being paid to securing the system," said Jeff Van Dyke, founder of VanDyke Software.

The IT administrators in the report who had "trouble sleeping," according to Van Dyke, specifically saw challenges in managing enterprise users, as well as concerns about the security of laptops and handheld devices.

"Organizations that have automated and monitored security operations can get more bang for their buck," Van Dyke added. "But there's no substitute for vigilance about what's going on and the ability to deal with multifaceted security problems in the face of not only budgetary constraints but a demonstrated lack of commitment at some companies when it comes to security."

About the Author

Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.
