Symantec's State of the Security report highlights how many organizations are responding to the increased popularity of mobile devices and social media with an increase in security staffing.
Security
professionals are most concerned about targeted attacks, external hackers and
insider threats, according to a recent report from Symantec. Their jobs are
made more challenging by industry trends such as mobile computing, social media
and the consumerization of IT, the survey found.
Nearly
50 percent of IT security professionals surveyed said external threats pose
somewhat or extremely significant risks to the organization, compared with 46
percent for accidental breaches by well-meaning insiders and 44 percent for
malicious insiders, according to Symantec's 2011 State of Security Survey,
released Aug. 31. Most organizations on average ranked cyber-attacks as bigger
risks to their businesses than other forms of criminal activity or natural
disasters.
Mobile
computing, social media and consumerization of IT were the top three industry
trends making enterprise IT security more challenging, the survey found. About
41 percent of the respondents also said securing the organization's platforms
and data was "somewhat" or "significantly more" important
than it was 12 months ago.
"Mobile
computing, social media use and the consumerization of IT are providing new
challenges as organizations increase their cyber-security efforts," said Sean
Doherty, vice president and chief technology officer of enterprise security at
Symantec.
Symantec
found that 29 percent of organizations see attacks on their organizations on a
regular basis and 71 percent had been attacked at least once in the past 12
months. The top attack vectors were malicious code, social engineering and
other external attacks. A little over a third of the respondents expressed
concern about state-sponsored attacks.
Interestingly,
the number of organizations reporting attacks in the past 12 months dipped
slightly in 2011 to 71 percent compared with 75 percent in 2010. The number of
organizations that claimed to see an increase in attacks also declined from 29
percent to 21 percent.
The
drop-offs appear to be the result of companies increasing their security staffs
and budgets, the survey found. About 46 percent of surveyed businesses reported
increasing networking and Web security staff. Furthermore, 41 percent planned
to increase the budget for network security and Web security and 38 percent for
security systems management.
Organizations
are "stepping up" to improve protection, as these industry trends
will have long-term effects and will continue to evolve, said Chirantan Desai, senior
vice president of the Endpoint and Mobility Group at Symantec. However, a
little over half of the organizations said they are dealing with routine
security measures and security breaches, while only 45 percent said they are
pursuing innovative and cutting-edge security problems.
About
20 percent of organizations reported losing at least $195,000 as a result of a
cyber-attack, which included lost revenue and other direct financial costs,
reduced stock price, litigation costs, regulatory fines, damage to the brand
and customer trust, as well as lost productivity and data. About the same
number lost $271,000 or more. Lost productivity and lost revenue accounted for
the largest chunk of damages incurred. About 92 percent of those surveyed said
cyber-attacks resulted in downtime, compromised employee data and theft of
intellectual property. These losses translated into actual financial loss about
84 percent of the time, the survey found.
Symantec
surveyed security professionals at 3,300 global organizations. The survey
participants included individuals in charge of IT resources at small businesses
and tactical IT staff, strategic IT professionals and C-level executives at
large enterprises.
Email
Print
