RSA Conference Survey reveals that more than 89% of Security Incidents Went Unreported in 2007
August 2008 by RSA, La Division Sécurité d’EMC
RSA® Conference, the world’s information security conferences, released the results of its recent survey of security professionals regarding the critical industry and infrastructure issues they currently face.
The RSA Conference survey identified four specific types of security threats as major pain-points for the industry in the coming year. Forty-nine percent of respondents cited data leakage of customer or employee data as their primary area of concern. Coming in a close second, concerns about e-mail-borne malware/phishing were cited by 41% of survey respondents. Web-borne malware and insider threats/theft were also worrisome to security professionals, both cited by 36% of the respondents.
When asked about the top security and organizational challenges, 49% of survey respondents cited lost or stolen devices. Tied for second place, 47% of respondents noted both non-malicious employee errors and educating employees. Budgetary constraints trouble 44% of respondents.
54% of respondents admitted that they had dealt with a security incident - defined as an unexpected activity that brought sudden risk to the organization and took one or more security personnel to address - in 2007. Additionally, 13% stated that they addressed more than 20 security incidents during 2007.
Of these incidents, data leakage of customer or employee data, insider threats/theft and intellectual property theft accounted for 29%, 28% and 16% respectively (see Chart 4). However, only 11% of those surveyed publicly disclosed any of those security breaches or possible data losses.
“With 29% of respondents stating that they experienced the leakage of employee or customer data in 2007, it is alarming to see that only 11% of those types of incidents went reported,” said Tim Mather, chief security strategist for RSA Conference. “Security professionals need to remain cognizant of the regulations that their organizations must comply with and ensure they are taking steps to properly report the security incidents that are required by law – whatever they may be.” (See videocast with Tim Mather)
In an attempt to uncover the impact of the “Storm” worm and resulting botnet, a backdoor Trojan horse that had detrimental affects on computer operating systems and received extensive media coverage in 2007, the survey found that a mere two percent of organizations were seriously affected by the outbreak. Conversely, 86% said that their organization was not affected by Storm at all.
“As we develop educational programming for our information security events, we rely on the real world experiences of security practitioners to help form the agenda at RSA Conference,” said Sandra Toms LaPedis, area vice president and general manager of RSA Conference. “In an attempt to learn from one another, this survey serves not only as a ‘report card’ for the industry, but also provides insight into what issues may be the focus of RSA Conference 2009.”
The study, “What Security Issues are Plaguing You?” includes responses from more than 300 professionals predominantly charged with managing and engineering security infrastructures within their respective organizations.