Companies are spending more on IT security, but not necessarily in the right places, according to a CSO Custom Solutions Group study sponsored by Oracle.

The group surveyed 110 companies from various sectors, including financial services, government, and high tech. Research found that more than 67 percent of IT security resources are allocated to protect the network layer, but only 23 percent of spending went to protecting core systems like servers, applications, and databases. That’s despite nearly 66 percent of respondents stating they apply a “security inside out strategy.”

“Organizations can’t continue to spend on the wrong risks and secure themselves out of business,” said Mary Ann Davidson, chief security officer at Oracle, in a statement on the study. “When attackers do break through the perimeter, they can take advantage of weak security controls against the core systems by exploiting privileged user access, vulnerable applications, and accounts with excessive access.”

Davidson also said groups need to strengthen the fundamentals of database security, application security, and identity management.

Other highlights from the study:

• 44 percent of respondents believed that databases were safe because they were installed deep inside the perimeter.
• 90 percent report the same or higher level of IT spending compared to 12 months prior.
• 59 percent of participants plan to increase security spending in the next year.
• 35 percent of organizations, according to the survey, saw spending on security influenced by sensational informational sources rather than real organizational risks.
• 40 percent of respondents said implementing fragmented point solutions created gaps in their security.
• 42 percent of those surveyed said they have more difficulty preventing new attacks than in the past.

(iStockphoto/Thinkstock)