In a year that IT security experts have labeled the “Year of the Hack,” Bit9’s Third Annual Endpoint Survey of 765 IT executives revealed that Advanced Persistent Threat (APT) attacks -- like the one that infiltrated RSA, a division of EMC, and defense contractors this year -- are of most concern to IT and security professionals.
However, despite the concerns about APT attacks, the survey also showed that executives are not doing enough to keep unauthorized software and malware from infecting their desktops, laptops and servers.
Sixty percent of the respondents said they are concerned about APT attacks, more than double the next closest response, showing the growing anxiety among IT executives around modern threats. The second biggest hacking concern among IT executives, at 28 percent, is having one of their own employees steal company data and post it online, much like what happened at the Department of Defense (DoD) with WikiLeaks. In third place, at 26 percent, are concerns around a vendor partner being hacked, much like what happened to Epsilon earlier this year. And in fourth place, at 25 percent, are concerns over a cloud application breach, much like what happened with Sony.
While worry remains high around cyber security breaches, the survey also showed that a surprising 60 percent of the IT executives either use a written policy based on an “honor system” or have an open software environment without a security policy in place. However, risky behavior doesn’t stop there. A narrow majority of companies surveyed (51 percent) said they allow their employees to download and install software.
The companies that allow employees to download software often find digital music sites like iTunes, social media sites and instant messaging software on their endpoints. Additionally, almost 80 percent of companies allow employees to use removable storage devices, exposing companies to the loss of sensitive data and intellectual property while increasing exposure to malware.
Additional findings from the survey include:
-- Companies continue to allow employees to engage in risky behaviors: IT executives have become even more hands-off in their software usage policy over the past three years, with 51 percent of respondents admitting that users have full rights to download and install applications. These relaxed download policies have increased 12 percent from 2010, when 39 percent said they did not have a policy that prohibits employee downloads. That figure increased by 22 percent from 2009 figures. Additionally, nearly 30 percent of IT executives allow the use of personal mobile devices at work that connect to the company Intranet.
-- Endpoint security failures can take down networks: While the majority said they have not experienced network outages due to unauthorized software or malware, almost 20 percent of IT executives admit that unusual software found on the endpoint has resulted in crashing the company’s networks. These crashes meant lost productivity. Of those who experienced downtime, 30 percent said the crashes took down their network for 3-6 hours and 89 percent said the crashes lasted two hours or less.
-- Successful breach of company’s inbox stirs emotions: More than a quarter of IT executives would be mildly embarrassed by a breach exposing their company’s inbox, while more than half admitted to being mortified. Most noteworthy is that seven percent claim that their company would be out of business if such a breach were to occur.
More information on IT can be found at www.SupportIndustry.com.