netpersist solutions group
Key Trends
 
The number of known software vulnerabilities and exploits is near record highs
In 2009, the number of cyber break-ins and identified network/application vulnerabilities continued its inexorable rise. The U.S. Department of Homeland Security Cyber Security Division documented over 3400 new software vulnerabilities between January and July 2009, with 96% being considered high-medium risk.

Furthermore, the number of exploits targeting these vulnerabilities is also at record highs. In 2008, Symantec created over 1.6 million malicious code signatures, which represents a 265% increase over 2007.

Legal liability for security breaches is now a reality
Organizations that fail to show due diligence when it comes to protecting their data assets face a real risk of legal problems or fines in the not-too-distant future. The renewed caution comes in the wake of an escalating number of highly publicized security breaches that involved unauthorized access to confidential personal information.

New security legislation and e-commerce security standards are also driving increased demand for security services, as businesses are forced to strengthen their security posture to avoid potential legal exposure or fines. Examples of such legislation and security standards include:
Payment Card Industry Data Security Standard (PCI-DSS), a worldwide information security standard created to help organizations prevent credit card fraud through increased controls around data and its exposure to compromise.
Personal Information Protection and Electronic Documents Act - PIPEDA (Canada), which gives Canadians a degree of privacy protection and control over the personal information about them that is collected, used and traded in the private sector.
Personal Information Protection Act - PIPA (British Columbia), which governs the collection, use, disclosure and protection of personal information by organizations in British Columbia, of any size or type, that are not covered by the federal PIPEDA legislation.
Healthcare Insurance Portability and Accountability Act (HIPAA) (United States), which requires (1) the standardization of electronic patient health, administrative and financial data, (2) establishment of unique health identifiers for individuals, employers, health plans and health care providers, and (3) security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.
The pool of trained security professionals remains small
According to a recent Computerworld survey that polled 164 IT professionals on their hiring practices, it takes companies an average of three to five months to find and hire senior-level security managers.

Furthermore, a recent Computer Security Institute (CSI) survey of 340 organizations found an average of one information security specialist for every 1,600 employees, compared to an average of eleven physical security workers, and more than fifty IS professionals per 1,600 workers.
  Copyright 2002. NetPersist Solutions Group Inc. All Rights Reserved.