Earlier this week, Symantec released its 2010 State of Enterprise Security study, which indicated that about three quarters of the organizations that responded encountered at least one cyber security attack within the past year. Even more disconcerting, about one third of those stated that these attacks were “somewhat/highly effective.”
This is a considerable increase above and beyond the attacks reported the year before. Nevertheless, a mere 42 percent of the responding organizations (2100 CIOs, CISOs and IT managers from 27 countries) indicated in January 2010 that security was their most important issue.
If you can spare the time, read the 16-page report in its entirety. Otherwise, here are some highlights:
- 25% of respondents did not experience any cyber attacks [yeah, right ... wake up folks ... you likely don't have the right defensive measures in place that would alert you to them ... in which case there's a good chance you're already "owned"]; luckily the rest of the responding enterprises had a higher awareness level regarding this issue.
- A full 100% of the enterprises surveyed encountered cyber losses in 2009, which by type were evenly spread across customer personally identifiable information (PII), downtime of environment, and theft of intellectual property. For large enterprises, the associated loss averaged USD 2.8 million per year, each.
- An IT operations manager for an auto dealership consortium, talking about the cost of losing confidential customer information, indicates: “If we lose information, such as social security numbers or credit cards, we’re liable. We estimate that it costs us $11000 a name if there is a compromise in Security.” While some costs are harder to quantify, they are no less severe, as he emphasizes: “The costs of cyber attacks are financial, brand, stock price and a lot of other things as well. But the biggest cost is a ruined reputation. Who wants to do business with a company that cannot protect their customers’ information?”
- The initiatives that were rated most problematic from a security standpoint are cloud computing and virtualization:
  - Infrastructure-as-a-Service
  - Platform-as-a-Service
  - Server virtualization
  - Endpoint virtualization
  - Software-as-a-Service
- Recommendations:
  - Protect the infrastructure
  - Protect the information
  - Develop and enforce IT policies
  - Manage systems
If you’d like our help in assessing your current situation and mitigating your risk exposure, contact us today.

