IT Security Challenged By Mobiles And Social Media

Symantec’s State of Security Survey highlights mobile devices, social media and consumerisation worries

Security professionals are most concerned about targeted attacks, external hackers and insider threats, according to a recent report from Symantec. Their jobs are made more challenging by industry trends such as mobile computing, social media and the consumerisation of IT, the survey found.

Nearly 50 percent of IT security professionals said external threats pose somewhat or extremely significant risks to the organisation, compared to 46 percent for accidental breaches by well-meaning insiders and 44 percent for malicious insiders, according to Symantec’s 2011 State of Security Survey. Most organisations, on average, ranked cyber-attacks as bigger risks to their businesses than other forms of criminal activity or natural disasters.

Attacks Raising Awareness

Mobile computing, social media and consumerisation of IT were the top three industry trends that are making enterprise IT security more challenging, the survey found. About 41 percent of the respondents also said securing the organisation’s platforms and data was “somewhat” or “significantly more” important than it was 12 months ago.

“Mobile computing, social media use, and the consumerisation of IT are providing new challenges as organisations increase their cyber-security efforts,” said Sean Doherty, vice president and chief technology officer of Enterprise Security at Symantec.

Symantec found that 29 percent of organisations see attacks on a regular basis and 71 percent had been attacked at least once in the past 12 months. The top attack vectors were malicious code, social engineering and other external attacks. A little over a third of the respondents expressed concern about state-sponsored attacks.

Interestingly, the number of organisations reporting attacks in the past 12 months dipped slightly in 2011 to 71 percent compared to 75 percent in 2010. The number of organisations that claimed to see an increase in attacks also declined from 29 percent to 21 percent.

The drop-offs appear to be the result of companies increasing the security staff and budgets, the survey found. About 46 percent of surveyed businesses reported increasing networking and Web security staff. Furthermore, 41 percent planned to increase the budget for network security and Web security and 38 percent for security systems management.

Greater Investment In Security

Organisations are “stepping up” to improve protection, as these industry trends will have long-term effects and will continue to evolve, Desai said. However, a little over half of the organisations said they were dealing with routine security measures and security breaches, while only 45 percent said they were pursuing innovative and cutting-edge security problems.

About 20 percent of organisations reported losing at least $195,000 (£120,000) as a result of a cyber-attack, which included lost revenue and other direct financial costs, reduced stock price, litigation costs, regulatory fines, damage to the brand and customer trust as well as lost productivity and data. About the same number incurred $271,000 (£167,000) or more. Lost productivity and lost revenue accounted for the largest chunk of damages incurred.

Around 92 percent of those said cyber-attacks resulted in downtime, compromised employee data and theft of intellectual property. These losses translated into actual financial loss about 84 percent of the time, the survey found.

Symantec surveyed security professionals at 3,300 global organisations. The survey participants included individuals in charge of IT resources at small businesses and tactical IT staff, strategic IT professionals and C-level executives at large enterprises.