ABOUT SYMANTEC

Press Release

Symantec Survey Finds IT Security Staffing Challenges Hinder Enterprises’ Ability to Respond to New Threats

MOUNTAIN VIEW, Calif. – Oct. 19, 2011 – Symantec Corp. (Nasdaq: SYMC) today announced the findings of its 2011 Threat Management Survey which examined the concerns and challenges IT security organizations face as they confront the evolving threat landscape. The poll revealed that most enterprises are not confident in their security posture and that staffing is a major issue limiting IT security’s effectiveness.


Read more detailed blog post:

“Although organizations are more concerned than ever about keeping up with the evolving threat environment, many still fall short of achieving high confidence in their security posture,” said David Dorosin, director of product marketing for the Threat and Risk Management group at Symantec. “Effective threat management requires advanced technology for enterprise visibility and the correlation and analysis of security data, but our research shows that the human element is often the limiting factor for enterprise threat management teams.”


Click to Tweet: 57% of enterprises lack confidence in their ability to respond to new threats, mostly due to staffing issues: http://bit.ly/pwuXqW


Symantec’s recent 2011 State of Security Survey found cyberattacks were the top concern of the organizations surveyed and the importance of these threats has increased for many respondents. Probing deeper into an enterprise’s ability to manage these threats, 57 percent of respondents to the 2011 Threat Management Survey said they lack confidence in their IT security staffs’ ability to respond to new and emerging threats.


The Threat Management Survey also found that 46 percent of those who lacked confidence indicated insufficient security staff was a top factor. A similar number (45 percent) cited a lack of time to respond to new threats for their existing staff. Overall, 43 percent of organizations worldwide reported they are somewhat or extremely understaffed. In North America, respondents were much more likely to report understaffing, with 53 percent reporting staffing challenges.


Those who lack confidence in their ability to respond to threats also reported issues with staff effectiveness. Sixty-six percent rate their staff as less than effective and only 4 percent rate their staff as completely effective. The top three issues impacting staff effectiveness were recruiting (46 percent), retention (42 percent) and skill set gaps with existing staff (35 percent). The findings suggest that effectiveness is linked to both staffing levels as well as staff experience and skill set.


Beyond these staffing issues, the other top concerns noted by respondents were keeping up with changes in the threat landscape, maintaining adequate visibility of their own infrastructure and managing security log and alert data in a timely and effective manner. Sixty-eight percent identified threat intelligence as one of their top two concerns. Concerns about the potential for new avenues of attack in an evolving infrastructure are reflected in the 49 percent who ranked security visibility as a top concern. Finally, a significant number (45 percent) reported they are concerned about their ability to properly correlate and analyze the security information and alerts that are being generated by their security solutions.


Symantec Recommendations

  • Build a Comprehensive Incident Management Program.  Plan for all aspects of your incident management program, including technology, people and processes. In particular, be sure to consider the staffing requirements to maintain an effective program.
  • Be Vigilant About the Changing Threat Landscape.  With the accelerating rate of change in the external threat environment, many enterprises need to increase their attention on the latest developments to keep pace.
  • Broaden the Visibility Across Your Infrastructure.  Enterprise infrastructure is constantly evolving and new infrastructure trends, such as mobility, virtualization and cloud-based solutions, can open up new avenues for attacks. Maintain ‘edge-to-endpoint’ visibility across your infrastructure to mitigate these new risks to protect information and identities.
  • Evaluate Systems for Managing Security Information and Alerts.  The rising volume of security information and alerts is straining some organizations. These organizations should evaluate the technology, processes and staffing that are in place for storing, analyzing and acting on this data.

Norton Cybercrime Index


Symantec’s Threat Management Survey

Symantec’s Threat Management Survey is the result of research conducted in June 2011 by Applied Research, which surveyed C-level and IT professionals at small, medium, and large enterprises (defined as 1,000-2,400, 2,500-4,999, and 5,000+ employees). The report was designed to examine security concerns and challenges IT organizations are facing. The survey included 1,025 respondents from countries in North America, EMEA (Europe, Middle East and Africa), Asia Pacific, and Latin America.


Resources

Connect with Symantec

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.


Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.


Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.


TECHNORATI TAGS: Symantec, enterprises, security, IT staffing, security threats