Net Persist Solutions Group: Business Problems We Solve

The number of known software vulnerabilities continues to rise

In 2006, the number of cyber break-ins and identified network/application vulnerabilities continued its inexorable rise. Symantec, a leading manufacturer of anti-virus software, documented over 2,500 new vulnerabilities between July and December 2006 -- 12% higher than the first half of 2006, the highest number ever recorded for a 6-month period -- with 79% being considered easily exploitable and 73% being of medium or high severity.

Furthermore, 25% of vulnerability exploit code was released less than 1 day after vulnerability publication, and 31% was released in less than 6 days after vulnerability publication.

Legal liability for security breaches is now a reality

Organizations that fail to show due diligence when it comes to protecting their data assets face a real risk of legal problems in the not-too-distant future. The renewed caution comes in the wake of an escalating number of highly publicized security breaches that involved unauthorized access to confidential personal information.

New security legislation is also driving increased demand for security services, as businesses are forced to strengthen their security posture to avoid potential legal exposure. Examples of such legislation include:

	Personal Information Protection and Electronic Documents Act - PIPEDA (Canada), which gives Canadians a degree of privacy protection and control over the personal information about them that is collected, used and traded in the private sector.
	Personal Information Protection Act - PIPA (British Columbia) which governs the collection, use, disclosure and protection of personal information by organizations in British Columbia which are not covered by federal PIPEDA legislation no matter what size or type.
	Healthcare Insurance Portability and Accountability Act (HIPAA) (United States), which requires (1) the standardization of electronic patient health, administrative and financial data, (2) establishment of unique health identifiers for individuals, employers, health plans and health care providers, and (3) security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

The pool of trained security professionals remains small

According to a recent Computerworld survey that polled 164 IT professionals on their hiring practices, it takes companies an average of three to five months to find and hire senior-level security managers.

Furthermore, a recent Computer Security Institute (CSI) survey of 340 organizations found an average of one information security specialist for every 1,600 employees, compared to an average of eleven physical security workers, and more than fifty IS professionals per 1,600 workers.