The rush of mobile devices entering corporate networks, advanced persistent threats and third-party application vulnerabilities are the primary pain points for IT professionals headed into 2013.
These are new and different issues where a few years ago, these were not even a blip on the worry-meter.
One of the top concerns cited in the fourth annual report researched by the Ponemon Institute was the proliferation of personally-owned mobile devices in the workplace such as smartphones and tablets. Eighty percent of those surveyed said laptops and other mobile data-bearing devices pose a significant security risk to their organization’s networks.
With 13 percent stating they use stricter security standards for personal over corporate-owned devices and 29 percent reporting no security strategy for employee-owned devices at all, there is a clear disconnect between awareness and action.
These figures are quite different compared to the 2010 survey. At that time, nine percent of respondents said mobile devices were a rising threat. This year, 73 percent rank mobile as one of the greatest risks within the IT environment.
This year’s study also found IT professionals view third-party applications as a major security threat. In fact, 67 percent of those surveyed reported they viewed third-party applications as a significant risk – second to mobile security risk.
In previous year’s surveys, the server environment, data centers and operating system vulnerabilities were primary concerns. With the proliferation of mobile devices, along with the wide range of software and removable media commonly used in today’s enterprise environment, IT practitioners increasingly worry about the attack vectors these third party tools could bring into the corporate network.
In addition to mobile security risk, the security concern that represents the biggest headache for 2013 is advanced persistent threats (APTs). Whereas worms and less harmful viruses were a concern in earlier reports, today’s IT teams consider APTs and hacktivism a real, global threat.
Of those surveyed, 36 percent reported they viewed advanced persistent threats as a “significant” threat to their environments while just 24 percent of respondents held this view last year. In addition, 12 percent of those surveyed this year stated current anti-virus/anti-malware technology is very effective in protecting their IT endpoints from today’s malware risk.
“Once again, we found the changing security terrain is preventing the state of endpoint security from improving,” said Dr. Larry Ponemon, chairman and founder, the Ponemon Institute.
“With the rise of hacktivism and advanced persistent threats, along with the sheer number of malware incidents we are seeing today, IT simply cannot keep up with the bad guys,” he said. “Add to this fact that end-users are furthering the complexity of the IT environment by bringing in mobile devices and downloading third-party applications — causing risk to exponentially proliferate. IT simply must take further action before the risk is beyond their control.”
Over 670 IT and IT security practitioners took part in this year’s study. Of those, 77 percent were in organizations with a headcount of more than 1,000 and 66 percent were in a supervisory role or higher. These professionals spanned key industries including financial services, the public sector and healthcare.