Advanced Persistent Threats (APTs), like the one that infiltrated RSA and defense contractors this year, are of most concern to IT and security professionals, a new survey said.
Despite the concerns about APTs, research also showed executives are not doing enough to keep unauthorized software and malware from infecting their desktops, laptops and servers, according to Bit9’s Third Annual Endpoint Survey of 765 IT executives.
Sixty percent of the respondents said they worry about APT attacks, more than double the next closest response, showing the growing anxiety among IT executives around modern threats.
The second biggest hacking concern among IT executives, at 28 percent, is having one of their own employees steal company data and post it online, much like what happened at the Department of Defense (DoD) with WikiLeaks.
In third place, at 26 percent, are concerns around a vendor partner suffering a hack attack, much like what happened to Epsilon earlier this year. Coming in fourth place, at 25 percent, are concerns over a cloud application breach, much like what happened with Sony.
The Third Annual Endpoint Survey from Bit9 Inc. provides insight from IT and security professionals in technology/software, government and defense, financial services/banking, and retail. The survey looks to gauge endpoint security issues, employee behaviors and topline concerns that enterprise professionals grapple with every day.
While worry remains high around cyber security breaches, the survey also showed a surprising 60 percent of IT executives either use a written policy based on an “honor system” or have an open software environment without a security policy in place. In addition, 51 percent of companies surveyed said they allow their employees to download and install software.
The companies that allow employees to download software often find digital music sites like iTunes, social media sites and instant messaging software on their endpoints. Additionally, almost 80 percent of companies allow employees to use removable storage devices, exposing companies to the loss of sensitive data and intellectual property while increasing exposure to malware.
“Our data finds that companies are increasingly worried about advanced persistent threat attacks, but they continue to engage in risky behaviors,” said Tom Murphy, chief strategy officer, Bit9. “Companies are gambling on a losing game by failing to put security policies in place. It’s not a case of if a breach will occur, but when and how severe.”
Additional findings from the survey include:
• Companies continue to allow employees to engage in risky behaviors: IT executives have become even more hands-off in their software usage policy over the past three years, with 51 percent of respondents admitting that users have full rights to download and install applications. These relaxed download policies increased 12 percent from 2010, when 39 percent said they did not have a policy that prohibits employee downloads.
• Endpoint security failures can take down networks: While the majority said they have not experienced network outages due to unauthorized software or malware, almost 20 percent of IT executives admit that unusual software found on the endpoint has resulted in crashing the company’s networks. These crashes meant lost productivity. Of those who experienced downtime, 30 percent said the crashes took down their network for three to six hours and 89 percent said the crashes lasted two hours or less.
• Successful breach of company’s inbox stirs emotions: More than 25 percent of IT executives would suffer embarrassment if a breach exposed their company’s inbox, while more than half would be mortified. Notably, seven percent claim their company would go out of business if such a breach occurred.