Posts Tagged ‘Symantec’
Tuesday, December 18th, 2012
What do you do if you have a bad experience with a company? Do you stop doing business with it? Do you complain on Twitter or Facebook?
When consumers have a bad experience with some firms, they will completely stop spending their money with them, while some others get a bit more leeway. So says Temkin’s “What Happens After A Good or Bad Experience?”
The study, based on a survey of 5,000 U.S. consumers, analyzes feedback and purchase behaviors after good and bad experiences.
A number of tech companies and online retailers have racked up a substantial number of bad experiences or negative social media comments, including Best Buy, eBay, Symantec, TracFone and ISPs.
The report shows that consumers encounter bad experiences most frequently with TV service providers, retailers, and Internet service providers, but report the fewest bad experiences with grocery chains. Consumers respond differently to bad experiences across the 19 industries in the study.
More than one-third of consumers who had a bad experience with a rental car agency, credit card issuer, computer company, or auto dealer completely stopped spending with the company.
Responding to complaints important
Fortunately for retailers and Internet service providers, their customers are the least likely to abandon them after a bad experience.
The research also examines how consumers respond to a company’s service recovery efforts. When consumers feel that a company responded very poorly after a bad experience, almost three-quarters of them stopped or decreased their spending with the company.
That could be bad news for the many companies that fail to respond to Tweets on their account.
On the other hand, when companies had a very good response, less than one out of five decreased their spending and more than one-third increased their spending.
“Every company delivers some bad experience, but the good ones build loyalty by quickly responding to these issues and learning from their mistakes,” states Bruce Temkin, Customer Experience Transformist & Managing Partner of Temkin Group.
Here are some additional findings in the report:
- ING Direct, Holiday Inn Express, Whole Foods, and Holiday Inn have the fewest occurrences of bad experience, while Best Buy, QVC, Gap, and eBay have the most.
- More consumers give feedback directly to the company after a very bad experience than they do after a very good experience.
- The use of Twitter to communicate about a very bad experience has more than doubled over the last year. Consumers who earn at least $100,000 are more than twice as likely to tweet about a bad experience than those making $50,000 or less.
- More than one-third of consumers between the ages of 18 and 24 write about their good and bad experiences on Facebook.
- Cox Communications, Symantec, ING Direct, and TracFone are the most likely to have negatively biased comments on Facebook, while Cablevision, AOL, Kaiser Permanente, and Holiday Inn are the most likely to have positively biased comments.
- Verizon and GE are the most likely to have negatively biased comments on Twitter, while Avis and Edward Jones are most likely to have positively biased tweets.
The report “What Happens After A Good or Bad Experience?” can be downloaded from the Customer Experience Matters blog, at ExperienceMatters.wordpress.com
Monday, October 15th, 2012
This is worrisome: more than three-quarters of small businesses surveyed by Symantec think they are safe from cybersecurity threats, yet 83 percent have no formal cybersecurity plan.
These findings are from a new survey released today of 1,015 U.S. small- and medium-sized businesses (SMBs) by the National Cyber Security Alliance (NCSA) and Symantec. (The full survey is available at: http://www.staysafeonline.org/stay-safe-online/resources/)
The survey findings reveal some disparities such as the need for establishing Internet security policies and practices, handling and responding to data breaches, and providing consistent IT/security management at their businesses. Although SMBs increasingly rely on the Internet for daily operations, they are not taking the necessary measures to keep their businesses safe and secure:
- A Majority of SMBs Believe Security Is Critical to Their Success and Brand: Seventy-three percent of SMBs say a safe and trusted Internet is critical to their success, and 77 percent say a strong cybersecurity and online safety posture is good for their company’s brand.
- SMBs Unprepared to Handle Data Breach Losses: Nearly six out of 10 (59 percent) SMBs do not have a contingency plan outlining procedures for responding to and reporting data breach losses.
- Two-thirds of SMBs Aren’t Concerned About Cyber Threats: Sixty-six percent of SMBs are not concerned about cyber threats – either external or internal. External threats include a hacker or cyber-criminal stealing data while internal threats include an employee, ex-employee, or contractor/consultant stealing data.
“It’s terrifying that the majority of U.S. small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe,” said Brian Burch, vice president of Americas Marketing for SMB, at Symantec. “Almost 40 percent of the over 1 billion cyberattacks Symantec prevented in the first three months of 2012 targeted companies with less than 500 employees. And for the small, poorly protected companies that suffer an attack, it’s often fatal to their business.”
Michael Kaiser, executive director of the National Cyber Security Alliance warns, “A data breach or hacking incident can really harm SMBs and unfortunately lead to a lack of trust from consumers, partners and suppliers. Small businesses must make plans to protect their businesses from cyber threats and help employees stay safe online.”
Additional survey findings revealed the disparities between online safety perceptions and actual practices, which include:
- Employee Internet Security Policies, Procedures Lacking for SMBs: Eighty-seven percent of SMBs do not have a formal written Internet security policy for employees, while 69 percent do not even have an informal Internet security policy. While social media is an increasingly popular vector for phishing attacks, 70 percent of SMBs do not have policies for employee social media use.
- SMBs Satisfied with their Online Safety Posture Despite Lack of Policies/Plans: Eighty-six percent of SMBs say they are satisfied with the amount of security they provide to protect customer or employee data. Additionally, 83 percent strongly or somewhat agree that they are doing enough or making enough investments to protect customer data. Yet, Visa Inc. reports small businesses represent more than 90 percent of the payment data breaches reported to the company.
On a positive note, companies born of the recession are leading by example. Companies born since 2008 are almost 20 percent more likely than older small businesses to have a written plan in place for keeping their business secure from cyber threats.
Monday, September 17th, 2012
A whopping 79 percent of organizations report increasing complexity in the data center, according to the results of Symantec’s 2012 State of the Data Center Survey.
What is driving that increasing data center complexity? The survey says 44% of organizations cite mobile computing as a top driver.
“As today’s businesses generate more information and introduce new technologies into the data center, these changes can either act as a sail to catch the wind and accelerate growth, or an anchor holding organizations back,” said Brian Dye, vice president, Information Intelligence Group, Symantec Corp.
“The difference is up to organizations, which can meet the challenges head on by implementing controls such as standardization or establishing an information governance strategy to keep information from becoming a liability.”
Data Center Complexity Pervasive
Organizations of all sizes, industries and regions report increasing complexity within the data center. According to the survey, data center complexity impacts all areas of computing, most notably security and infrastructure, as well as disaster recovery, storage and compliance.
Several factors are driving data center complexity. Respondents reported they are dealing with an increasing number of applications that they consider to be business-critical.
Sixty-five percent said the number of business-critical applications is increasing or increasing greatly. Other key drivers of data center complexity include the growth of strategic IT trends such as mobile computing (cited by 44 percent of respondents), server virtualization (43 percent), and public cloud (41 percent).
The survey revealed that the effects of growing data center complexity are far reaching. The most commonly mentioned impact is higher costs, with nearly half of the organizations citing it as an effect of complexity.
Other impacts include reduced agility (39 percent), longer lead times for storage migration (39 percent) and provisioning storage (38 percent), security breaches (35 percent), and downtime (35 percent).
The typical organization experienced an average of 16 data center outages in the past 12 months, at a total cost of $5.1 million. The most common cause was systems failures, followed by human error, and natural disasters.
IT Taking Steps to Alleviate Complexity
According to the survey, organizations are implementing several measures to reduce complexity, including training, standardization, centralization, virtualization, and increased budgets. In fact, 63 percent of respondents consider increasing their budget to be somewhat or extremely important to dealing with data center complexity. However, the single biggest initiative organizations are undertaking is to implement a comprehensive information governance strategy.
Following are some recommendations that IT can try to mitigate the effects of data center complexity.
- Establish C-level ownership of information governance. Start with high-ROI projects like data loss prevention, archiving and eDiscovery to preserve critical information, find what you need and delete the rest.
- Get visibility beyond platforms. Understand the business services that IT is providing and all of the dependencies to reduce downtime and miscommunications.
- Understand what IT assets you have, how they are being consumed, and by whom. This will help cut costs and risk. The organization won’t buy servers and storage it doesn’t need, teams can be held accountable for what they use, and the company can be sure it isn’t running out of capacity.
- Reduce the number of backup applications to meet recovery SLAs and reduce capital expenses, operating expenses and training costs.
- Deploy deduplication everywhere to help address the information explosion and reduce the rising costs associated with backing up data.
- Use appliances to simplify backup and recovery operations across physical and virtual machines.
Monday, July 23rd, 2012
Do you update your security products and other software when prompted? We do, but many people globally do not, thus unnecessarily exposing their equipment to cyber criminals, viruses, trojans, and other malware, as well as missing out on bug fixes.
Skype has launched the International Technology Upgrade Week (ITUW), a global initiative joined by Norton by Symantec and TomTom to encourage consumers to regularly download free software updates to their computers, smartphones and tablets and other portable devices, like GPS units.
The prime focus of International Technology Upgrade Week is to directly address consumers’ concerns and educate them on the value of keeping their software up to date, especially when many updates are free.
Need is apparent: many don’t update
The need for this initiative is readily apparent, as a recent survey of American, British and German consumers revealed that 40 percent of adults don’t always update software on their computers when initially prompted to do so.
In each country, approximately one quarter of those surveyed said they don’t clearly understand what software updates do and an equal percentage of consumers don’t understand the benefits of updating regularly.
In looking at the impact of automatic update notifications, the survey found that while three quarters of adults received notifications on their computers telling them to update their software, more than half said they needed to see a prompt between two and five times before downloading and installing an update.
Even for those consumers who recognized the benefits of upgrading, one quarter didn’t know how to check if their installed software even needs updating.
“Here at Skype, we are constantly getting feedback from our users and making improvements to Skype every day,” said Linda Summers, Director of Product Marketing at Skype.
“Only by regularly upgrading, are consumers able to enjoy the benefits of improved voice and video calling quality, longer mobile battery life and bug fixes, in addition to new features that we regularly add across our product portfolio, like Photo Sharing on mobile, or Group Video Calling and Group Screen Sharing on a computer.”
Symantec, the maker of Norton security software, recently reported blocking more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year.
Having the protection of a powerful security suite in this environment is essential – regardless of device or platform.
Across all regions surveyed, more men than women upgrade software when prompted to and said that they have updated software within the last week.
When asked for their top reasons for either downloading or not downloading updates, consumers across geographies offered the following responses:
| Top Reasons for Updating | Top Reasons for Not Updating |
|---|---|
| Keeping computers safe from viruses/hackers | Worried about computer security, so I don’t download everything I’m prompted to |
| Ensures software is free of bugs and crashes less often | There are no real benefits in doing it |
| Having the latest and greatest software features | Upgrades take too long |
| Upgrades are often free | Lack of understanding about what the update(s) will do |
Tuesday, July 10th, 2012
The June 2012 Symantec Intelligence Report shows that 36 percent of all targeted attacks (58 per day) during the last six months were directed at businesses with 250 or fewer employees. As reported in the recent ISTR, this figure was 18 percent at the end of December 2011.
During the first half of the year, the total number of daily targeted attacks continued to increase at a minimum rate of 24 percent with an average of 151 targeted attacks being blocked each day during May and June.
Large enterprises consisting of more than 2,500 employees are still receiving the greatest number of attacks, with an average of 69 being blocked each day.
“There appears to be a direct correlation between the rise in attacks against smaller businesses and a drop in attacks against larger ones. It almost seems attackers are diverting their resources directly from the one group to the other,” said Paul Wood, cyber security intelligence manager, Symantec.
“It may be that your company is not the primary target, but an attacker may use your organization as a stepping-stone to attack another company.
“You do not want your business to be the weakest link in the supply chain. Information is power, and the attackers know this, and successful attacks can result in significant financial advantage for the cyber criminals behind them. Access to intellectual property and strategic intelligence can give them huge advantages in a competitive market,” Wood said.
The Defense industry (a sub category of the Public Sector) has been the targeted industry of choice in the first half of the year, with an average of 7.3 attacks per day.
The Chemical/Pharmaceutical and Manufacturing sectors maintain the number two and three spots. These targets have clearly received a smaller percentage of overall attention than in 2011, but the Chemical/Pharmaceutical sector is still hit by 1 in every 5 targeted attacks, while Manufacturing still accounts for almost 10% of all targeted attacks.
“It is important to remember that although on the increase, targeted attacks are still very rare. Targeted attacks use customized malware and refined targeted social engineering to gain unauthorized access to sensitive information. We regard this as the next evolution of social engineering, where victims are researched in advance and specifically targeted,” Wood added.
Other Report Highlights:
Spam: In June, the global ratio of spam in email traffic fell by 1.0 percentage point since May, to 66.8 percent (1 in 1.5 emails). This follows the continuing trend of global spam levels diminishing gradually since the latter part of 2011.
Phishing: In June, the global phishing rate increased by 0.04 percentage points, taking the global average rate to one in 467.6 emails (0.21 percent) that comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 316.5 emails (0.31 percent) in June, an increase of 0.04 percentage points since May. In June, 27.4 percent of email-borne malware contained links to malicious Web sites, 1.2 percentage points lower than May.
Web-based Malware Threats: In June, Symantec Intelligence identified an average of 2,106 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; a decrease of 51.7 percent since May.
Endpoint Threats: The most frequently blocked malware for the last month was WS.Trojan.H. WS.Trojan.H is a generic, cloud-based, heuristic detection for files that possess characteristics of an as-yet unclassified threat.
Tuesday, March 20th, 2012
Negligent insiders are the top cause of data breaches while malicious attacks are 25 percent more costly than other types, according to the findings of the 2011 Cost of Data Breach Study: United States, released by Symantec and the Ponemon Institute.
The study also found organizations which employ a chief information security officer (CISO) with enterprise-wide responsibility for data protection can reduce the cost of a data breach by 35 percent per compromised record.
The organizational cost of a data breach was $5.5 million last year. The seventh annual Ponemon Cost of a Data Breach report is based on the actual data breach experiences of 49 U.S. companies from 14 different industry sectors.
“This year’s report shows that insiders continue to pose a serious threat to the security of their organizations,” said Francis deSouza, group president, Enterprise Products and Services, Symantec Corp.
“This is particularly true as the increasing adoption of tablets, smart phones and cloud applications in the workplace means that employees are able to access corporate information anywhere, at any time. It is essential for companies to put the proper information protection policies and procedures in place to counterbalance these new realities.”
Additional key findings from the report include:
- Negligent insiders and malicious attacks are the main causes of data breach. Thirty-nine percent of organizations say negligence was the root cause of the data breaches. For the first time, malicious or criminal attacks account for more than a third of the total breaches reported in this study. Since 2007, they also have been the most costly breaches. Accordingly, organizations need to focus on processes, policies and technologies that address threats from the malicious insider or hacker.
- Certain organizational factors reduce the overall cost. If the organization has a CISO with overall responsibility for enterprise data protection the average cost of a data breach can be reduced as much as $80 per compromised record. Outside consultants assisting with the breach response also can save as much as $41 per record. When considering the average number of records lost or stolen, all of these factors can provide significant and positive financial benefits.
- Specific attributes or factors of the data breach also can increase the overall cost. For example, in this year’s study organizations that had their first ever data breach spent on average $37 more per record. Those that responded and notified customers too quickly without a thorough assessment of the data breach also paid an average of $33 more per record. Data breaches caused by third parties or a lost or stolen device increased the cost by $26 and $22, respectively.
- Detection and escalation costs declined but notification costs increased. Detection and escalation costs declined from approximately $460,000 in 2010 to $433,000 in 2011. These costs refer to activities that enable a company to detect the breach and whether it occurred in storage or in motion.
- More customers remain loyal following the data breach. For the first time, fewer customers are abandoning companies that have a data breach. However, certain industries are more susceptible to customer churn, which causes their data breach costs to be higher than the average. Taking steps to keep customers loyal and repair any damage to reputation and brand can help reduce the cost of a data breach.
- The cost of data breach declined. For the first time in seven years, both the organizational cost of data breach and the cost per lost or stolen record have declined. The organizational cost has declined from $7.2 million to $5.5 million and the cost per record has declined from $214 to $194.
“One of the most interesting findings of the 2011 report was the correlation between an organization having a CISO on its executive team and reduced costs of a data breach,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
“As organizations of all sizes battle an uptick in both internal and external threats, it makes sense that having the proper security leadership in place can help address these challenges.”
Wednesday, March 14th, 2012
Frost & Sullivan has named recipients of its 2012 Excellence in Best Practices Awards. The Excellence in Best Practices Awards are presented each year to companies that are predicted to encourage significant growth in their industries, have identified emerging trends before they became the standard in the marketplace, and have created advanced technologies that will catalyze and transform industries in the near future.
Awarded companies included:
- Acuo Technologies – 2011 North American Medical Imaging Informatics Product Leadership Award
- Agilent Technologies – 2011 Global Oscilloscopes Company of the Year Award
- ALI Solutions – 2011 North American Outbound Customer Contact Solutions Customer Value Enhancement Award
- Amdocs Management LTD. – 2011 Global CSP Billing – Rating & Charging & Other Core Billing Market Share Leadership Award; 2011 Global CSP Billing – Total Billing Market Share Leadership Award
- Avaya – 2011 Global Unified Communications Technologies Customer Value Enhancement Award; 2011 North American Enterprise Session Management Product Differentiation Excellence Award
- Avistar Communications – 2011 Global Desktop Videoconferencing New Product Innovation Award
- BK Medical Analogic Ultrasound Group – 2011 North American Surgical Ultrasound Product Differentiation Excellence Award
- Celestica – 2011 Global Aerospace & Defense EMS Customer Value Enhancement Award
- CenturyLink – 2011 North American Connected Home Landline Customer Value Enhancement Award; 2012 North American Retail Mid-Band Ethernet Services Customer Value Enhancement Award
- Cisco – 2012 Global Satellite Transponder Technology Innovation Award
- Clarity International – 2011 Global Network Services Business Quality Management Technology Innovation Award
- Compuware Corporation – 2011 Global Cloud-Based Application Monitoring Company of the Year Award
- Comverse – 2011 Global Communications Service Provider Billing Product Line Strategy Award
- Contact Solutions – 2011 North American Hosted IVR Applications Product Differentiation Excellence Award
- Courtagen Life Sciences, Inc. – 2011 North American Clinical Diagnostic Tools New Product Innovation Award
- DigiCert, Inc. – 2011 North American SSL Certificate Customer Value Enhancement Award
- DigitalRoute – 2011 Global CSP Billing Mediation Competitive Strategy Innovation Award
- Electro Rent Corporation – 2012 North American Rental, Used and New Test Equipment Sales Company of the Year Award
- Enterasys Networks – 2012 Global Network Access Control Customer Value Enhancement Award
- ForeScout Technologies, Inc. – 2012 Global Network Access Control Technology Innovation Award
- Getaround – 2011 North American Carsharing Enabling Technology Award
- GreatCall – 2011 North American mHealth Customer Service Leadership Award
- HealthOneMed – 2012 North American Medication Management Systems New Product Innovation Award
- Heckmann Corporation – 2011 North American Private Commercial Fleet Green Excellence Award
- Hipcricket – 2011 North American Mobile Marketing Customer Value Enhancement Award
- InterCall – 2011 North American Audio Conferencing Service Market Share Leadership Award
- Interstate Battery System of America, Inc. – 2011 U.S. Automotive Technicians’ Choice: Overall Best Brand of Automotive Batteries
- LifeSize Communications – 2011 Global Enterprise Video Webcasting Solutions Customer Value Enhancement Award
- Michelin Americas Truck Tires – 2011 North American Wide-Base Truck Tires Product Line Strategy Award
- Monitronics International – 2011 North American Residential Alarm Monitoring Company of the Year Award
- MPDV Mikrolab GmbH – 2011 Global Manufacturing Execution Systems Customer Value Enhancement Award
- NAPA – 2012 United States Automotive Technicians’ Choice: Overall Best Program Distributor for Replacement Parts
- Nuspire – 2011 North American Managed Security Service Providers Entrepreneurial Company of the Year Award
- OpenText Corporation – 2011 Global Digital Media Management and Workflow Company of the Year Award
- Pedigree Technologies – 2011 North American M2M-Based Fleet Management Software New Product Innovation Award
- PGi – 2011 North American CSP-Based Videoconferencing Services Product Line Strategy Award
- QlikTech, Inc. – 2011 North American Health Data Analytics Technology Innovation Award
- Recognition Technologies, Inc. – 2011 North American Speaker Verification Biometrics New Product Innovation Award
- SafeNet – 2011 Global Software License Management Product Line Strategy Award
- Sagent Pharmaceuticals, Inc. – 2011 North American Finished Heparin Product Quality Leadership Award
- Senscient, Inc. – 2011 North American Gas Detection Entrepreneurial Company of the Year Award
- Siemens Enterprise Communications – 2011 Global Unified Communications Technologies Healthcare Product Line Strategy Award
- Somnetics International, Inc. – 2012 North American Sleep Disordered Breathing Product Differentiation Excellence Award
- Symantec Corporation – 2011 U.S. Cyber Security Managers’ Choice Award: Most Trustworthy Brand of Website Certification
- Toon Boom Animation Inc. – 2011 Global Animation Software Entrepreneurial Company of the Year Award
- Tridium – 2011 North American Integrated Building Systems and Services Customer Value Enhancement Award
- Velocent Systems – 2011 North American Mobile Broadband Service Assurance Customer Value Enhancement Award
Wednesday, February 22nd, 2012
The Symantec 2012 State of Mobility Survey revealed a global tipping point in mobility adoption.
The survey highlighted an uptake in mobile applications across organizations, with 71 percent of enterprises at least discussing deploying custom mobile applications and one-third currently implementing or having already implemented custom mobile applications.
Take a look at this infographic on the survey results.
Despite this adoption, almost half (48 percent) of survey respondents mentioned that mobility is somewhat to extremely challenging and a further 41 percent of survey respondents identified mobile devices as one of their top three IT risks.
Yet in the face of these challenges, IT is striking a balance between mobile benefits and risks by transforming its approach to mobility to deliver improved business agility, increased productivity and workforce effectiveness.
“We are impressed by the pace of mobile application adoption within organizations,” said CJ Desai, senior vice president, Endpoint and Mobility Group, Symantec.
“This cultural change from refusing mobile devices not long ago, to actively distributing and developing mobile applications, has introduced a new set of challenges and complexities for IT staff. Encouragingly, from a security perspective, a majority of organizations are thinking beyond the simple case of lost or stolen mobile phones.”
The State of Mobility Survey reveals the challenges organizations are grappling with in accommodating the mobility tipping point and also identifies and quantifies mobility-associated risks as perceived by IT decision makers. In this survey, more than 6,000 organizations from 43 countries bring to light the change in the usage of mobile devices and mobile applications.
Mobile Devices Now Critical Business Tools
The significant adoption of mobile applications demonstrates remarkable confidence, by organizations, in the ability for mobility to deliver value. This confidence is further supported by a rare alignment between expectations and reality.
Generally, the gains expected from new technologies far exceed the reality upon implementation. However, for the smartphones and tablets currently in use, 70 percent of those surveyed expected to see increased employee productivity, yet 77 percent actually saw productivity gains after implementing.
Furthermore, 59 percent of respondents are now relying on mobile devices for line-of-business applications, another sign that mobility has graduated to mainstream status.
Mobile Initiatives Significantly Impacting IT Resources
As with the adoption of any new technology, mobility is challenging IT organizations. Almost half (48 percent) of respondents mentioned that mobility is somewhat to extremely challenging, while two thirds noted that reducing the cost and complexity is one of their top business objectives.
In Symantec’s view, this increased pain level indicates the transition from small pilots and tactical implementations — where policies are often bypassed and exceptions are made — to enterprise-wide deployments where policy standards across a larger scale introduce greater complexity.
This also suggests that many implementations are not yet taking sufficient advantage of their existing enterprise systems and processes, which would alleviate much of the pain and cost that comes with larger scale and resource duplication.
Mobility Risks Impacting Organizations
Mobile adoption is not without risks, and IT organizations recognize this challenge. Approximately three out of four organizations indicate maintaining a high level of security is a top business objective for mobility and 41 percent identified mobile devices as one of the top three IT risks, making it the leading risk cited by IT.
Concerns are wide-ranging: lost and stolen devices, data leakage, unauthorized access to corporate resources and the spread of malware infections from mobile devices to the company network.
With mobile devices now delivering critical business processes and data, the cost of security incidents can be significant. The average annual cost of mobile incidents for enterprises, including data loss, damage to the brand, productivity loss, and loss of customer trust, was USD$429,000. The average annual cost of mobile incidents for small businesses was USD$126,000.
Organizations that choose to embrace mobility, without compromising on security, are most likely to improve business processes and achieve productivity gains. To this end, organizations should consider developing a mobile strategy that defines the organization’s mobile culture and aligns with their security risk tolerance.
Some key recommendations include:
- Enable broadly: Mobility offers tremendous opportunities for organizations of all sizes. Explore how you can take advantage of mobility and develop a phased approach to build an ecosystem that supports your plan. To get the most from mobile advances, plan for line-of-business mobile applications that have mainstream use. Employees will use mobile devices for business one way or another — make it on your terms.
- Think strategically: Build a realistic assessment of the ultimate scale of your mobile business plan and its impact on your infrastructure. Think beyond email. Explore all of the mobile opportunities that can be introduced and understand the risks and threats that need to be mitigated. As you plan, take a cross-functional approach to securing sensitive data no matter where it might end up.
- Manage efficiently: Mobile devices are legitimate endpoints that require the same attention given to traditional PCs. Many of the processes, policies, education and technologies that are leveraged for desktops and laptops are also applicable to mobile platforms. So the management of mobile devices should be integrated into the overall IT management framework and administered in the same way — ideally using compatible solutions and unified policies. This creates operational efficiencies and lowers the total cost of ownership.
- Enforce appropriately: As more employees connect their personal devices to the corporate network, organizations need to modify their acceptable usage policies to accommodate both corporate-owned and personally-owned devices. Management and security levers will need to differ based on ownership of the device and the associated controls that the organization requires. Employees will continue to add devices to the corporate network to make their jobs more efficient and enjoyable so organizations must plan for this legally, operationally and culturally.
- Secure comprehensively: Look beyond basic password, wipe and application blocking policies. Focus on the information and where it is viewed, transmitted and stored. Integrating with existing data loss prevention, encryption and authentication policies will ensure consistent corporate and regulatory compliance.
Thursday, December 1st, 2011
Enterprises are securing data with encryption in more places than ever. However, the survey discovered that encryption solutions are fragmented, creating risk for organizations from the lack of centralized control of access to sensitive information and disrupting critical processes such as e-discovery and compliance monitoring.
So says the Symantec Corp. 2011 Enterprise Encryption Trends Survey.
It adds that the inability to access important business information due to fragmented encryption solutions and poor key management is costing each organization an average of $124,965 per year.
“While many organizations understand the importance of encrypting their data, issues with key management and multiple point products can give them inconsistent visibility into what has been protected,” said Joe Gow, director, product management, at Symantec. “As the Enterprise Encryption Trends survey demonstrates, encryption needs to evolve from a fragmented protection historically implemented at the line of business level to a capability that is managed as a core component of organizations’ IT security operations.”
- Encryption use is growing rapidly but fragmented. Forty-eight percent of enterprises increased their use of encryption over the past two years. The respondents state that almost half of their data is now encrypted at some point in its lifecycle. The typical organization reports they have five different encryption solutions deployed.
- Use of encryption in rogue projects. According to the survey, one-third of respondents said unapproved encryption deployment is happening on a somewhat to extremely frequent basis. Because these projects are not necessarily following the company’s best practices, 52 percent of organizations have experienced serious issues with encryption keys including lost keys (34 percent) and key failure (32 percent). In addition, 26 percent have had former employees who have refused to return keys.
- Organizations express concerns about key management. Organizations are not very confident in their ability to effectively manage encryption keys. Forty percent are less than somewhat confident they can retrieve keys. Thirty-nine percent are less than somewhat confident they can protect access to business information from disgruntled employees.
- Encryption point product issues costing enterprises. All of the organizations reporting encryption key issues incurred some sort of related costs. The most common costs include inability to meet compliance requests (48 percent), inability to respond to eDiscovery requests (42 percent), and inability to access important business information (41 percent). In addition, the average loss from encryption-related issues is $124,965 per year.
Symantec recommends the following for organizations to build a plan that avoids some of the pitfalls seen by the survey respondents.
- Understand the lifecycle for encryption processes and anticipate challenges involved with protecting data in an increased number of places.
- Plan a data recovery process that meets your organization’s needs and accounts for the ability to sever access to data in cases of disgruntled employees and former employees.
- Build a plan for consistent enterprise-wide encryption and key management prior to deploying encryption.
- Encrypt assets, starting with email, laptops and mobile devices, before experiencing a data breach.
- Anticipate the effects of mobility and cloud computing and the need to encrypt data stored outside of the enterprise, including file shares and cloud storage.
Wednesday, September 7th, 2011
For the first time, a Norton study calculates the cost of global cybercrime: $114 billion annually.(i) Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost.(ii)
With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).(iii)
According to the Norton Cybercrime Report 2011 more than two thirds of online adults (69 percent) have been a victim of cybercrime in their lifetime. Every second 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims every day.(iv) For the first time, the Norton Cybercrime Report reveals that 10 percent of adults online have experienced cybercrime on their mobile phone.
In fact, the Symantec Internet Security Threat Report, Volume 16(v) reported there were 42 percent more mobile vulnerabilities in 2010 compared to 2009 – a sign that cybercriminals are starting to focus their efforts on the mobile space. The number of reported new mobile operating system vulnerabilities increased, from 115 in 2009 to 163 in 2010. In addition to threats on mobile devices, increased social networking and a lack of protection are likely to be some of the main culprits behind the growing number of cybercrime victims.
Male, Millennial, Mobile
The study identifies men between 18 and 31 years old who access the Internet from their mobile phone as even more likely victims: in this group four in five (80 percent) have fallen prey to cybercrime in their lifetime. Globally, the most common – and most preventable – type of cybercrime is computer viruses and malware with 54 percent of respondents saying they have experienced it in their lifetime.
Viruses are followed by online scams (11 percent) and phishing messages (10 percent). Earlier this year the Symantec Internet Security Threat Report, Volume 16, found more than 286 million unique variations of malicious software (“malware”) compared to the 240 million reported in 2009, representing a 19 percent increase.(vi)
“There is a serious disconnect in how people view the threat of cybercrime,” said Adam Palmer, Norton Lead Cybersecurity Advisor. “Cybercrime is much more prevalent than people realize. Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year.
“And while 89 percent of respondents agree that more needs to be done to bring cybercriminals to justice, fighting cybercrime is a shared responsibility. It requires us all to be more alert and to invest in our online smarts and safety.”
The disconnect between awareness and action is further illustrated by the fact that while 74 percent of respondents say they are always aware of cybercrime, many are not taking the necessary precautions.
Forty-one percent of adults indicated they don’t have an up to date security software suite to protect their personal information online. In addition, less than half review credit card statements regularly for fraud (47 percent), and 61 percent don’t use complex passwords or change them regularly. Among those who access the Internet via their mobile phone, only 16 percent install the most up to date mobile security.
For more findings from the Norton Cybercrime Report globally and by country
Norton Cybercrime Report Methodology
Between February 6, 2011 and March 14, 2011, StrategyOne conducted interviews with 19,636 people and included 12,704 adults aged 18 and over, 4,553 children aged 8-17 years and 2,379 grade 1-11 teachers from 24 countries (Australia, Brazil, Canada, China, France, Germany, India, Italy, Japan, New Zealand, Spain, Sweden, United Kingdom, United States, Belgium, Denmark, Holland, Hong Kong, Mexico, South Africa, Singapore, Poland, Switzerland, United Arab Emirates).
The margin of error for the total sample of adults (n=12,704) is ±0.87% at the 95% level of confidence. The global data has been weighted to ensure all countries have equal representation: adults to n=500.
(i) Findings are extrapolations based upon results from a survey conducted in 24 countries among adults 18-64. The financial cost of cybercrime in the last year ($114bn) is calculated as follows: Victims over past 12 months (per country) x average financial cost of cybercrime (per country in US currency).
(ii) The value of time lost due to cybercrime experiences in the last year ($274 billion) is calculated as follows: Victims over past 12 months (per country) x average time cost of cybercrime (per country in US currency). Figure shown is the sum of all countries’ total cost.
(iii) 431 million victims in 24 countries over past 12 months is calculated as follows: Latest research from NCR shows 69% of adults in 24 countries have been a victim of cybercrime ever and of these 65% have been a victim in the past 12 months. Online population per country (24 country total = 802,872,752 according to CIA World Factbook) x % cybercrime ever per country x % cybercrime past 12 months per country = 431,504,885 (sum of 24 countries)
Total cost of cybercrime is calculated as follows: Total financial cost $114 billion plus value attributed to lost time trying to resolve cybercrime $274 billion = $388 billion
Total value of the world’s marijuana, cocaine and heroin market ($288 billion) is calculated as follows:
(iv) 14 cybercrime victims per second and one million cybercrime victims per day calculated as follows: victims over past 12 months (as above) 431,504,885 / 365 days per year / 24 hours / 60 minutes / 60 seconds
(v) Source: Symantec Internet Security Threat Report published April 2011
Thursday, July 21st, 2011
The Infonetics Research Worldwide Web Security SaaS Provider Scorecard, which analyzes and ranks the top web security-as-a-service (SaaS) providers, ranks Cisco tops among SaaS web security providers.
“There is a tight race for leadership among the top 5 web security SaaS providers — Cisco, McAfee, Symantec, Websense, and zScaler. The difference between 1st and 5th place in our vendor matrix comes down to small variations in brand presence, security profile, strategy, capabilities, and financial stability. These factors are valued differently from buyer to buyer, making for some very interesting competition between vendors,” notes Jeff Wilson, principal analyst for security at Infonetics Research.
WEB SECURITY SAAS SCORECARD HIGHLIGHTS
- Cisco leads Infonetics’ web security SaaS provider scorecard overall, in large part because of its strong product offering with unique features, such as integration with Cisco routers
- McAfee and Symantec tie for 2nd right behind Cisco, each scoring stronger or weaker than the other in some areas
- Websense and zScaler, respectively the only standalone web security player and the sole SaaS-only player in the top 5, have the potential to remain strong players in the web security SaaS arena, though both will have trouble matching the security profile and brand presence of Cisco, McAfee, and Symantec
Providers ranked in Infonetics’ Worldwide Web Security SaaS Provider Scorecard include Cisco, McAfee, Symantec, Websense, and zScaler, with additional commentary on other web security SaaS providers such as Blue Coat and Barracuda. The leadership scorecard identifies providers’ strengths and weaknesses, and ranks the top web security SaaS providers based on criteria critical to determining market leadership, including security brand presence, security profile, financial stability, market strategy, and service capabilities.
Wednesday, June 22nd, 2011
A Symantec survey of 3,700 information technology managers in 35 countries, entitled “Virtualization and Evolution to the Cloud,” revealed key points about the benefits businesses expect from implementing a virtual strategy.
While there were many findings, some specific findings also showed two-thirds of enterprises list performance degradation as a somewhat/extremely large factor in their hesitation to place business-critical applications into a private cloud.
An excerpt from the Symantec whitepaper stated performance can be a factor that either drives virtualization or inhibits it. While virtualization/cloud computing can help streamline operations and save money, sacrificing performance is not an option.
Any gains in other areas will be negated if customers and employees are unable to work within a fast, secure environment that provides maximum uptime.
Among organizations that have implemented storage virtualization, 84 percent of respondents stated that one of their goals in doing so was to improve storage performance or speed. In contrast, two-thirds of enterprises list performance degradation as a somewhat/extremely large factor in their hesitation to place business-critical applications into a private cloud.
One key question in the survey asked how important the following goals were at the time of implementing server virtualisation and showed the following:
– 88% said somewhat/completely important to improve the scalability of our servers
– 87% said somewhat/completely important to reduce expenses
– 85% said somewhat/completely important to improve up-time and
– 83% said somewhat/completely important to improve recovery
– 83% said somewhat/completely important to improve server speed
This hesitancy to fully implement a virtual environment is very much highlighted in another survey which was published in a whitepaper sponsored by EMC and carried out in conjunction with Computing.
– 5% have virtualised 96-100% of their IT infrastructure
– 17% have virtualised 70-95% of their IT infrastructure
– 16% have virtualised 50-69% of their IT infrastructure
– 21% have virtualised 30-49% of their IT infrastructure
– 16% have virtualised 10-29% of their IT infrastructure
– 10% have virtualised 10% of their IT infrastructure
– 15% have virtualised none of their IT infrastructure
The above statistics show that companies are only gradually going to a virtual environment, and by doing so hope to reduce expenses, improve scalability, improve performance and increase disaster recovery preparedness.