2011: Year of the hack
In a year that IT security experts have labeled the “Year of the Hack,” Bit9’s endpoint survey of 765 IT executives revealed that Advanced Persistent Threat (APT) attacks – like the one that infiltrated RSA – are of most concern to IT and security professionals.
However, despite the concerns about APT attacks, executives are not doing enough to protect against “dirty” software or malware from infecting their desktops, laptops and servers.
Sixty percent of the respondents are concerned about modern threats, more than double the next closest response, showing the growing anxiety among IT executives around APT attacks.
The second biggest hacking concern among IT executives, at 28 percent, is having one of their own employees steal company data and posts it online, much like what happened at the Department of Defense (DoD) with WikiLeaks.
In third place, at 26 percent, are concerns around a vendor partner being hacked, much like what happened to Epsilon earlier this year. And in fourth place, at 25 percent, are concerns over a cloud application breach, much like what happened with Sony.
While worry remains high around cyber security breaches, the survey also showed a surprising 60 percent of the IT executives use either a written policy based on an “honor system,” or have an open software environment without a security policy in place.
However, risky behavior doesn’t stop there. The majority of companies surveyed (51 percent) said they allow their employees to download and install software.
These companies that allow employees to download software often find digital music sites like iTunes, social media sites and instant messaging software on it endpoints.
Additionally, almost 80 percent of companies allow employees to use removable storage devices, exposing companies to the loss of sensitive data and intellectual property while increasing exposure to malware.
Additional findings from the survey include:
Companies continue to allow employees to engage in risky behaviors: IT executives have become even more hands-off in their software usage policy over the past three years, with 51 percent of respondents admitting that users have full rights to download and install applications.
These relaxed download policies have increased 12 percent from 2010 when 39 claimed to not have policy that prohibits employee downloads and increased by 22 percent from 2009 figures. Additionally, nearly 30 percent of IT executives allow the use of personal mobile devices at work that connects to the company Intranet.
Endpoint security failures take down networks: Almost 20 percent of IT executives admit that unusual software found on the endpoint has resulted in crashing the company’s networks. These crashes meant lost productivity. Nearly 30 percent said the crashes took down their network for 3-6 hours and 89 percent said the crashes lasted two hours or less.
Successful breach of company’s inbox stirs emotions: More than a quarter of IT executives would be mildly embarrassed by a breach exposing their company’s inbox, while more than half admitted to being mortified. Most noteworthy is that seven percent claim that their company would be out of business if such a breach would occur.