All those highly publisized security breaches at major firms such as Sony, CitiBank, and others may have had one good effect: it called attention to the woefully inadequate counter-measures.
So how are IT managers coping with today’s fast-changing threat landscape? Are they properly protected against the latest data-stealing malware? And would employees report if they compromised corporate data?
To find out these answers and more, Websense Inc. (NASDAQ:WBSN), a content security and data theft protection company, commissioned independent research firm Dynamic Markets to survey 1,000 IT managers and 1,000 non-IT employees in the U.S., UK, Canada, and Australia about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs).
The research reveals that serious data breaches have occurred compromising CEO and other executives’ data, confidential customer data, and data necessary for regulatory compliance.
IT managers are feeling the pressure and saying that data loss incidents put their jobs on the line and that the stress of managing their company confidential data is greater than divorce, managing personal debt, or a minor car accident.
But help is on the horizon as headline-grabbing security incidents have promoted data security talks amongst top management and have driven focus on security, including the need for additional budget. Click here to download the full report entitled Security Pros & ‘Cons’: IT professionals on confidence, confidential data, and today’s cyber-cons.
Stress of Security
- Data breaches put IT jobs on the line. 86 percent said that their job would be at risk if a security incident were to occur, including if a CEO or other executive’s confidential data is breached (36 percent); data needed for compliance is lost (34 percent); and if confidential information is posted on a social networking site (34 percent).
- Confidential data breaches. Shockingly, a full 24 percent reported that the CEO’s or other executives’ confidential data had been breached. 34 percent report losing data needed for compliance. 34 percent state that confidential information has been posted on a social networking site and 37 percent say that data has been lost by employees.
- Hidden data loss and social media risks. 20 percent stated that data affected by regulatory compliance was compromised. 20 percent have seen confidential information posted on social networking sites. 34 percent of employees who accidentally compromise data wouldn’t tell their boss.
- 72 percent say protecting company data is more stressful than getting a divorce, managing personal debt, or being in a minor car accident. 14 percent say losing their job would be less stressful than staying in their current role.
- Necessary but not sufficient. There are indications that antivirus and firewall solutions may have been oversold as a panacea, creating a false sense of security. While AV and firewalls are still certainly necessary, they are not sufficient to stop modern malware and advanced data-stealing attacks.
- Only 48 percent of respondents use systems that prevent confidential data from being uploaded to the web. Yet 60 percent worry about advanced persistent threats and 19 percent said they have been a victim of this type of attack.
- Only two percent of respondents had a DLP solution that protects their data at rest, in use, and in motion. However, as a result of recent high-profile data breaches, 23 percent began or accelerated a data loss prevention project.
Hope on the Horizon
- Data security talk now involves top management. 91 percent of IT security managers report that new levels of management have engaged in data security conversations in the last year, including the head of IT (43 percent), managing director (38 percent), and CEO (33 percent). This means that until recently, the head of IT was often notinvolved.
- Headline-grabbing security incidents are impacting IT planning. More than 60 percent of IT managers concede that recent well-publicized security incidents have affected their planning. Most have made multiple changes: more than 40 percent have increased spending, focused attention internally on testing and overhauling existing policies, have implemented new solutions, and imposed new restrictions on users. Nearly a quarter have begun or accelerated a full DLP project.
- Hactivism – cyberhacking for political or social purposes seeing dramatic rise
- Majority of Americans think people share confidential company info
- Recent corporate data breaches could have been prevented
- Employee behavior blamed for most security breaches
- Study says: Companies still struggle to protect consumer data
© 2011, TechJournal. All rights reserved.