Australian corporations are at the centre of an IT security spending frenzy but millions are being wasted on inappropriate products and a lack of implementation expertise.
Predicting the spending spree to peak in 2004, Forrester Research has warned that "security is being set up to do a poor job at a high price with reactive investments over the next few years leaving companies no better off than they are today".
Despite projecting 300 per cent growth in security spending, which will top $19.7 billion in the US alone over the next few years, the research firm said a "shotgun approach" by companies will lead to billions being wasted.
Speaking in Australia this week, NetIQ global security manager Michael Mychalczuk said increased media attention about security breaches and movies featuring sophisticated hackers have scared many corporations.
"So they race out to buy a firewall or intrusion-detection product without understanding how it meets their business needs. This is coupled with a lack of implementation expertise -- the product is put in and ignored, sitting there setting off red lights," he said. "Before purchasing, companies need to know acceptable risk and to assess which products they need to buy to fit into a broader strategy."
The Forrester report claims businesses have fallen into the trap of trying to protect everything, ignoring the fact that some assets have more business value than others.
"A hammer doesn't replace a screwdriver -- you need both these things as well as other tools to build an entire house. The same rules apply for IT security," Mychalczuk said.
The bases of most IT security are firewall and antivirus products but Mychalczuk said many IT shops treat a firewall as a "black box that is just plugged in", while antivirus software is only as good as its last signature update.
"Security personnel spend 60 per cent of their time just trying to research what is going on and managing constant updates and alerts," he said.