Editor’s Note: Part one in a four-part series.
Most security practitioners won’t be surprised to hear this: security is tough, and getting tougher. In fact, at times, I’m sure it seems like a perfect storm of problems: the threats are getting worse, losses are mounting, and—in the midst of the global downturn—there are very real concerns around staffing and budgets.
Earlier this week, we announced the findings of a new study, Managed Security in the Enterprise, based on surveys of 1,000 IT managers in U.S. and European enterprises in January 2009. We used this to complement the Symantec Internet Security Threat Report, vol. XIII in order to obtain qualitative data through feedback from security practitioners about changes in the threat landscape, its impact on their business, and how they are dealing with the cyber security challenges they are facing. I’ll recap the study highlights over the next week in a four-part series.
Not surprisingly, almost all of the respondents said that cyber attacks were a big concern. First, 88 percent of U.S. organizations experienced attacks in the past two years. Of those, 42 percent saw attacks on a regular basis and 10 percent saw a large/extremely large number of cyber attacks.
Interestingly, these results were more pronounced from our European respondents, where 95 percent of respondents experienced attacks (half on a regular basis) and 26 percent saw a large or extremely large number of attacks. This doesn’t jibe with my expectation that the attack results would be fairly similar in Europe and the United States. Either there is a real difference in the number of cyber attacks being launched against European organizations (which we’re not seeing), or the perception of the threat level is different. The responses were almost evenly split between the U.S. (523) and Europe (477), with a 2.8 percent margin of error at the 95 percent confidence level, which suggests that the survey methodology doesn’t create this disparity.
Ignoring the differences between European and U.S. responses, the most recent Internet Security Threat Report supports the finding that attacks are prevalent. In April 2008, we reported a 571 percent increase in unique malware from the previous year. When we look at the security incidents detected from our security operations centers, we note the continued use of botnets covertly compromising systems in order to steal confidential information. Over the past three months, 75 percent of the critical security incidents that we detected involved communications to a known bot command-and-control server. This shows that not only is malware being used, but it is highly effective in terms of infiltration and also leads to the potential loss of customer information.
Therefore, it wasn’t surprising that 73 percent of respondents noted malicious code attacks against their organizations. On the other hand, only 33 percent of respondents reported experiencing stolen information or malicious actions from internal attackers. Why? Organizations frequently have technology or monitoring tools in place to look for malware or cyber attacks, but most still don’t have solutions looking for inadvertent or intentional data loss. I believe these numbers are understated, and with the expected wider use of Data Loss Prevention tools in the future, these numbers will (unfortunately) increase.
The results of the study clearly demonstrate the proliferation of malware, the frequency of attacks, and the realization that it’s still bad out there. In part two, we’ll get to the actual losses organizations are facing from cyber attacks.
Grant Geyer, VP Symantec Managed Services