Recent IT Thefts Leave Vendors, VARs Scrambling For Security

Just look at the Veterans Affairs Department (VA), which has received two PR black eyes in recent months. In May, a laptop theft from a VA employee's home exposed the records of 26.5 million veterans and their spouses, an incident made worse by the VA's failing to publicly disclose the theft until about a month later.

Still reeling from that debacle, the VA announced this week that a PC containing sensitive information on thousands of veterans has gone missing from a VA subcontractor's office in Reston, Va. According to the VA, the computer has password protection but isn't encrypted, and it may have medical information on up to 38,000 people.

Even though a handful of computer virus attacks have made the news during the past few years, their relatively esoteric nature hasn't resonated much with typical consumers. But computer theft and all the identity theft risks it carries surely do. A survey published this week by the Chief Marketing Officer (CMO) Council shows that concerns about such incidents are rising quickly enough to have a potentially major impact on consumer loyalty and business relationships.

The study, "Secure the Trust of Your Brand," was underwritten by Symantec and Factiva and surveyed more than 2,200 consumers. More than half said their security concerns are rising; 40 percent have actually stopped a transaction online, on the phone or in a store due to a security concern; more than one-third would strongly consider taking their business elsewhere if their personal information was compromised; and one-quarter would "definitely" do so if they felt their information was at risk.

After a rocky 2005 in which more than 52 million account records were stolen or misplaced, the CMO Council says the fear of identity theft now outweighs the fear of a terrorist attack in the minds of most people. "These results show that in this digital age, consumer attention is rapidly shifting toward information security, and it's enough to significantly affect brand reputation and value," said Donovan Neale-May, executive director of the CMO Council, in a statement. "Consequently, IT security and integrity offer a new channel for brands to differentiate themselves from their competitors." Solution providers will want to redouble their efforts to make sure their clients have the best security technologies in place and, perhaps more important, have a sound set of enforceable security policies. This isn't always so easy, as a significant portion of customers still think they can cobble together their own security solutions.

"Our biggest competition probably is 'do-it-yourselfers,'" says Dan Foster, vice president of sales at MegaPath Networks, an IP managed services provider in Costa Mesa, Calif. "But if you can show them a turnkey solution that produces reports when a network's been compromised, that's when they tend to get interested."

It's not just the theft of physical devices that businesses should be worrying about.

"Security threats are more varied than ever," says Glenn Groshans, senior director of business operations and alliances for Symantec. "We've gotten good at finding viruses and worms, but more and more people are trying to quietly infiltrate financial systems for their own financial gain."

In the end, any kind of breach that compromises customer information can do irreparable damage to a company's bottom line.

"For an e-business company, security problems are not so much about loss of revenue or theft, because they budget for those kinds of losses," says David Ruhlen, business development manager at Convergint, a physical and IT security solutions provider in Schaumburg, Ill. "Organizations like these cannot tolerate damage to their brand."