TORONTO — With a recent survey showing Canadians organizations are still concerned about security, IBM Canada Ltd. said it will try address thoseworries by investing $40 million in IT security services over the next five years including opening a new security operations centre in Ontario.
need to start taking a holistic approach to security, said Michael Small, the security practice leader for IBM Global Services. Instead, they are currently taking a Band-Aid approach, he said.
Security isn’t just about making sure information is available, it’s also about the confidentiality of information and about protecting an organization’s integrity, he said.
It’s also a top concern among Canadian organizations, according to a survey conducted by IDC Canada. Security ranked third overall behind network upgrades or improvements and Microsoft operating system upgrades among the 460 companies surveyed.
Among the security concerns still worrying Canadian companies, antivirus detection and protection, network security and perimeter defence, and e-mail spam and security ranked the highest.
“”Things we thought organizations might have had a handle on, they’re still grappling with,”” said Steve Poelking, the director of research for infrastructure and applications at IDC Canada in Toronto, speaking at an IBM press conference announcing the security centre.
Almost 60 per cent of the organizations surveyed, which were comprised of small, medium and large businesses, said they had experienced a virus attack. Others also admitted to having their networks hacked and to experiencing denial of service attacks. But very few of those organizations — less than 20 per cent — attempted to calculate the costs of such security breaches.
“”You have to know what your costs are,”” Poelking said.
The security centre will located in the Toronto suburb of Markham. It will try to help companies design security management programs, make sure they meet regulatory requirements, do vulnerability assessments and provide 24/7 real-time monitoring. The centre will also have a lab in which organizations can run simulations to test their safeguards against vulnerabilities.
Security threats are real, and they happen all the time, said René Hamel, the vice-president of computer forensics services for Inkster Group, which investigates security breaches. Incidents such as embezzlement, intellectual property theft and money laundering are common events, but you don’t hear about them, he said. His company follows electronic trails to try to locate the individual behind the keyboard responsible for security breaches.
Viruses are only one type of threat companies have to worry about, Hamel said. They also need to be concerned about internal threats from employees. This is something they don’t like to hear about.