Survey finds insiders and email the biggest threat to securityBy Justin Mann
The problems that IT administrators face have varied year after year, but boil down to the same basic things. Security threats are almost always the biggest concern, and of all the security implications that come with high-tech jobs, there are a few things that plague them more than others. Secure Computing recently conducted a survey to find what sorts of threats are most dire to IT directors. The results were not surprising in the slightest, but were interesting nevertheless.
Topping the list as the biggest security risk was email, with more than a third of people surveyed identifying it as a weak point in business security. It was ranked higher even than web surfing, despite the seemingly unending supply of new security flaws being exploited on web servers around the world. The survey also found a lot of gripes with viruses and spam, but interestingly data leaks were less of a concern than both of those. That is contrary to data in this same report, which claims that the overall most severe threat to IT are insiders, people looking to exploit knowledge from within a company they are working at.
You can see more information after the jump. It is interesting to see how even after decades of IT infrastructure being built up and an entire marketplace of security applications being developed, the same basic problems plague IT admins as they always have.
Secure Computing Survey Finds That Insider Threats Are Keeping
IT Directors Awake at Night
SAN JOSE, CA, May 28, 2008---Secure Computing Corporation (Nasdaq: SCUR), a leading enterprise gateway security company, today announced the results of an IT Director survey that uncovers a rising concern of insider threats and widespread acknowledgement of being unprepared for emerging Web-based attacks.
When asked whether they believed insider or outsider threats posed a bigger problem to their organisation, more than 80 percent of the 103 Directors surveyed prioritise insider threats (defined as either unintentional data leakage or deliberate data theft). Less than one in five respondents (17 percent) feel the external threats posed by hackers are more dangerous.
This could be in part due to the fact that 37 percent of respondents have experienced leakage of sensitive information in the past year. In line with this, internal security is at the top of IT Directors' shopping lists when respondents were asked to rank potential future investments that included perimeter security, staff mobility and network performance.
Additional interesting survey findings include:
* Email is the Enterprise Achilles Heel: Email is identified as the biggest current security risk to respondents' organizations (34 percent). Interestingly Voice over IP comes second (25 percent) and is deemed a bigger threat than Web surfing (browser-related threats), which only 21 percent of IT Directors feel is the biggest threat. Despite this apparent confidence, however, four in five respondents (79 percent) feel they could be better prepared for Web-borne threats. For more information about Web-borne threats, read Secure Computing's white paper "Seven Design Requirements for Web 2.0 Threat Prevention" at https://www.securecomputing.com/webform.cfm?id=219&ref=swathph
* Web 2.0 Woes: Established external threats continue to be the biggest concern in a developing Web 2.0 environment. Viruses top the list of offenders, with 31 percent of IT Directors feeling it is the biggest threat, while spam comes in second (18 percent) and data leaks a close third (14 percent). For more information about data leakage, read Secure Computing's white paper "Data Leakage: Four Sources of Abuse" at https://www.securecomputing.com/pdf/SCC-DataLkAbuse-WP-nbup.pdf
* Hackers Not a Hindrance: When asked to rank their biggest external security concerns, hackers are surprisingly the area of least concern, with less than a quarter (22 percent) of respondents feeling they are the biggest threat. Malware appears to be the major headache, with 56 percent identifying it as their biggest worry. For more information about hackers, read Secure Computing's white paper "What E-Mail Hackers Know that You Don't" at https://www.securecomputing.com/pdf/MAIL-Hackers-WP-nbup.pdf
* Insider Investment: The biggest budgets will be spent on strengthening internal security, with 35 percent of IT Directors identifying it as their priority planned investment. Surprisingly, considering the forecasted downturn in the economy, "IT asset management for cost savings" is the lowest priority.
* Security Climbing the Board's Agenda: IT Security is starting to be seen as a genuine business enabler - only one in 10 respondents (11 percent) feel their board perceives it as a "necessary evil" whilst the remainder feel it is at least as important as any other IT project.
* Data Disclosure Drive: Over two-thirds (68 percent) of respondents believe data breach disclosure should be compulsory in the UK, as it is in the United States.
Kieran Lees, Regional Sales Director for the UK, Ireland, South Africa and Israel at Secure Computing, comments: "It's fascinating to see how perceptions of the threat landscape among senior IT decision makers is evolving, with the insider threat and data leakage rivaling traditional external threats among IT Directors' primary concerns. It's also very encouraging to see that security is starting to be seen as a genuine business enabler rather than just a necessary evil."
About Secure Computing Corporation
Secure Computing Corporation (Nasdaq: SCUR), a leading provider of enterprise gateway security, delivers a comprehensive set of solutions that help customers protect their critical Web, email and network assets. Over half the Fortune 50 and Fortune 500 are part of our more than 22,000 global customers, supported by a worldwide network of more than 2,000 partners. The company is headquartered in San Jose, Calif., and has offices worldwide. For more information, see https://www.securecomputing.com.
Notes to editors: The research was carried out among senior attendees at the Infosecurity Europe exhibition, London Olympia, 22nd - 24th April.