Secure Computing Survey Finds that Insider Threats are keeping IT
May 2008 by Secure Computing
Secure Computing Corporation announced the results of an IT Director survey that uncovers a rising concern of insider threats and widespread acknowledgement of being unprepared for emerging Web-based attacks.
When asked whether they believed insider or outsider threats posed a bigger problem to their organisation, more than 80 per cent of the 103 Directors surveyed prioritise insider threats (defined as either unintentional data leakage or deliberate data theft). Less than one in five respondents (17 per cent) feel the external threats posed by hackers are more dangerous.
This could be in part due to the fact that 37 per cent of respondents have experienced leakage of sensitive information in the past year. In line with this, internal security is at the top of IT Directors’ shopping lists when respondents were asked to rank potential future investments that included perimeter security, staff mobility and network performance.
Additional interesting survey findings include:
* Email is the Enterprise Achilles Heel: Email is identified as the biggest current security risk to respondents’ organizations (34 per cent). Interestingly Voice over IP comes second (25 per cent) and is deemed a bigger threat than Web surfing (browser-related threats), which only 21 per cent of IT Directors feel is the biggest threat. Despite this apparent confidence, however, four in five respondents (79 per cent) feel they could be better prepared for Web-borne threats.
* Web 2.0 Woes: Established external threats continue to be the biggest concern in a developing Web 2.0 environment. Viruses top the list of offenders, with 31 per cent of IT Directors feeling it is the biggest threat, while spam comes in second (18 per cent) and data leaks a close third (14 per cent).
* Hackers Not a Hindrance: When asked to rank their biggest external security concerns, hackers are surprisingly the area of least concern, with less than a quarter (22 per cent) of respondents feeling they are the biggest threat. Malware appears to be the major headache, with 56 per cent identifying it as their biggest worry.
* Insider Investment: The biggest budgets will be spent on strengthening internal security, with 35 per cent of IT Directors identifying it as their priority planned investment. Surprisingly, considering the forecasted downturn in the economy, "IT asset management for cost savings" is the lowest priority.
* Security Climbing the Board’s Agenda: IT Security is starting to be seen as a genuine business enabler - only one in 10 respondents (11 per cent) feel their board perceives it as a "necessary evil" whilst the remainder feel it is at least as important as any other IT project.
* Data Disclosure Drive: Over two-thirds (68 per cent) of respondents believe data breach disclosure should be compulsory in the UK, as it is in the United States.
Kieran Lees, Regional Sales Director for the UK, Ireland, South Africa and Israel at Secure Computing, comments: "It’s fascinating to see how perceptions of the threat landscape among senior IT decision makers is evolving, with the insider threat and data leakage rivaling traditional external threats among IT Directors’ primary concerns. It’s also very encouraging to see that security is starting to be seen as a genuine business enabler rather than just a necessary evil."