Security professionals claim to be concerned about targeted attacks but continue to allow employees to indulge in risky behavior, according to a new Bit9 report.
While security professionals are
worried about targeted attacks against their company, IT professionals are not
putting enough safeguards in place to defend against them, according to a new
report. In many businesses, employees are allowed to indulge in risky IT
security behavior even through it leads to data breaches from the outside.
About 60 percent of IT and security
professionals in the United States, Canada and Europe claimed their main
concern was being hit by an advanced persistent threat (APT), according to the
Bit9 Endpoint Security Survey, released Aug. 30. Insider threats, such as an
employee posting sensitive information to external sites such as WikiLeaks
were the second most important, at 28 percent.
Company executives were worried about
targeted attacks, similar to the tactics used against RSA
and some defense
earlier this year, the survey found.
The Bit9 report also found that 26
percent of organizations were worried about vendor partners being compromised,
such as what happened with Epsilon
and other smaller
earlier this year. Finally, a quarter of the respondents were
worried about a cloud application breach, similar to what happened with various
Sony properties this spring.
However, the survey found a significant
disconnect between these concerns and what businesses were doing to protect
themselves against dirty software or malware from infecting their systems.
Half the companies surveyed either had
an open software environment, which allows employees to download and install
whatever software they wanted, or relied on an "honor system" for
employees to comply with written policy regarding unauthorized software
These companies did not have any
mechanisms in place to enforce their own security policies or monitor what was
being installed. In fact, 51 percent of the companies had an open environment,
Bit9 found. The most common unauthorized applications on endpoints were digital
music sites like iTunes, social media and instant messaging software.
"Companies are increasingly
worried about advanced persistent threat attacks, but they continue to engage
in risky behaviors," said Tom Murphy, chief strategy officer of Bit9.