Execs Worry More About Hackers Than InsidersSurvey: 71 Percent of Organizations Experienced Attacks in Past Year
Twenty-nine percent of respondents reported that their organizations experience attacks on a regular basis and 71 percent saw attacks in the past 12 months. In addition, one of five respondents see an increase in the frequency of attacks. They identify the top attack vectors as malicious code, social engineering and external malicious attacks.
"There's no question that attackers are using more insidious, sophisticated and silent methods to steal data and wreak havoc," Sean Doherty, Symantec vice president and chief technology officer of enterprise security, said in a statement accompanying the study. "Organizations today have more to lose than ever before and need to keep adopting the security innovations and best practices that the industry is delivering to stay protected."
Nearly half of the respondents characterized security threats from hackers as somewhat or extremely significant vs. 46 percent by well-meaning insiders and 44 percent for malicious insiders. Just over one-third expressed concern about state-sponsored attacks.
Cyberattacks attacks cost organizations time and money, with 92 percent of respondents reporting that their companies experienced losses from cyberattacks. One of five small business reported losses of at least $100,000 last year because of cyberattacks. An equal number of large enterprises incurred $271,000 or more in damages. The losses primarily occur in lost productivity (35 percent) and lost revenue (23 percent).
The study's authors say proliferation of smartphones and tablets as well as the immense popularity of social media find IT security leaders scrambling to enhance security. Forty-seven percent of respondents said mobile computing makes in difficult to cybersecurity, followed by social media (46 percent), and the consumerization of IT (45 percent).
The survey also reveals that organizations are the most prepared when tackling routine security measures. Just over half report that they are doing well in handling routine measures and addressing cyberattacks.
However, just under half say they performing doing well in the areas of strategic security initiatives and pursuing innovative security issues. To address these shortfalls, organizations are beefing up IT staff, particular in the areas network, web and endpoint security.
In addition, the survey shows organizations also are increasing their budgets for network and web security as well as security systems management.
"It's clear that organizations are stepping up their efforts in improving their protection, but many companies - nearly half of those surveyed - have much work still to do in safeguarding their networks and information assets," the study's author said.
Symantec commissioned Applied Research to conduct the survey in April and May, contacting 3,300 businesses in a variety of industries that employed from five to 5,000-plus employees. Small business respondents were responsible for computing resources at the company; enterprise respondents were tactical IT, strategic IT or C-level executives. The poll has a reliability of 95 percent confidence with +/- 1.8 percent margin of error.