2007 Tech Budgets to Decline; Stealth Malware on the Rise

A projected decrease in next year’s IT budget growth has unclear implications for security spending. Meanwhile, rootkits grow more virulent.

Projected 2007 Economic Slowdown Has Unclear Security Implications

How will IT budgets fare in 2007? A new study forecasts the impact of a slowing U.S. economy. According to Forrester Research analyst Andrew Bartels, “the United States will probably experience a mild economic slowdown of little to no growth in real GDP (gross domestic product) in late 2006 and 2007, which will cause a decided slowdown in IT investment growth in 2007 and early 2008.”

Already, organizations’ IT spending growth is decreasing, albeit slightly. For example, companies in North America have budgeted an average spending increase of 3.2 percent for 2006, compared with last year’s increase of 3.9 percent.

As Bartels notes, however, “when examined by company size, the story is relatively uneven.” For example, spending growth is definitely leveling off at medium-size companies—those with between 1,000 and 5,000 employees. They plan to increase spending by 3.3 percent this year, down from an increase of 6.9 percent in 2005. By contrast, large enterprises—those with more than 5,000 employees—actually plan to increase their IT spending this year by 3.1 percent, up from 1.3 percent in 2005.

Blame the overall decreased growth in spending not on the success or failure of current IT implementations but on the current state of the domestic economy, according to Bartels. “The U.S. economy is struggling with many economic imbalances—record deficits in trade, current account, and the U.S. budget; a housing bubble that is due to deflate; high levels of consumer debt, and low levels of household savings; rising interest rates; and high energy prices. Some of these factors are likely to tilt the economy into at least a slowdown by 2007. This economic slowdown will then cause a comparable slowdown in tech spending growth.”

If overall decreased IT budget growth appears imminent, what are the information security budget implications? Analysts say that’s unclear, given the current importance afforded security, as well as companies’ overall increased security project spending. Last year, for example, Forrester found security implementations were a top priority for companies, second only to regulatory compliance efforts. Furthermore, 63 percent of enterprises spent more on information security in 2005 than 2004.

Some of that security spending, however, is unintentional, and no doubt ripe for correction. For example, one-third of companies report that their security technology deployment costs significantly outstrip their initial budgets. Things aren’t always rosy post-implementation either, with 18 percent of companies saying project effectiveness lags because of difficulties managing the new technology.

Of course, take any budget prediction with a grain of salt. For example, while 69 percent of CIOs Forrester polled in February and March expect to spend roughly what they’ve budgeted for 2006, 26 percent say they’ll likely exceed it. Only 2 percent expect to spend less.

- - -

Stealth Malware on the Rise

Attacks utilizing stealthy malware, and in particular rootkits, are on the rise, with a new report detailing a 600 percent increase in such technology over the last three years.

The study, released by McAfee, says “the sudden rise of stealth technologies may be attributable to online collaborative research efforts using Web sites that contain hundreds of lines of rootkit code, available for recompiling, adapting, and improving, along with rootkit binary executables.” In other words, attackers can easily find malicious code details online, and essentially cut and paste code for their own purposes.

As such collaborative rootkit efforts continue, expect “hardier and ever more virulent strains of malware,” says Stuart McClure, a senior vice president at McAfee.

The study also found the complexity of rootkits steadily increased from 2000 to 2005. For example, while only 0.9 percent of all Trojan software found in 2004 contained a rootkit, by 2005 that percentage had more than doubled.

There’s also been an interesting shift in attackers’ favored operating systems. In 2001, for example, 71 percent of all malware stealth components targeted the Linux operating system. Subsequently, however, malware components written for Windows operating systems increased in popularity, with their number growing 2,300 percent in six years.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and writes its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.