Date posted: 19-Oct-2014
2010 State of Enterprise Security
Global Results
Methodology
• Applied Research performed survey
• January 2010
• 2,100 worldwide enterprises
– Small (500-999 employees)
– Mid (1,000-4,999 employees)
– Large (5,000+ employees)
• Cross-industry
• CIO/CISO and IT management
Key findings
• Enterprise security is IT’s top concern
• Enterprises are experiencing frequent attacks
• Costs of cyber attacks are high
• Enterprise security becoming more difficult
Enterprise security is IT’s top concern
• 42 percent rank cyber risk as their top concern, more than natural disasters, terrorism and traditional crime.
• “Better manage business risk of IT” is the second-ranked goal
• 120 staff assigned to security/IT compliance
• Half forecast significant changes to enterprise security
Frequent attacks
• 75% experienced cyber attacks in past 12 months
• 36% say attacks were somewhat/highly effective
• 29% saw increase in attacks in past 12 months
Costs of cyber attacks are high
• 100% have experienced cyber losses
• 92% have seen costs as a result
• Annual cost of cyber attacks: $2.0M (USD)
Security becoming more difficult
• Enterprise security is understaffed
• New IT initiatives complicate matters
• Compliance is a huge issue, with a typical enterprise exploring 17 different standards or frameworks and using an average of 8
Recommendations
• Protect the infrastructure
• Protect the information
• Develop and enforce IT policies
• Manage systems
Protect the infrastructure
• Secure endpoints
• Protect email and Web
• Defend critical internal servers
• Backup and recover data
Only 44% of organizations reported using client-intrusion detection.
Protect the information
• Discover where sensitive information resides
• Monitor how data is being used
• Protect sensitive information from loss
77% are somewhat/extremely concerned about losing confidential or proprietary information.
Develop and enforce IT policies
• Define risk and develop IT policies
• Assess infrastructure and processes
• Report, monitor and demonstrate due care
• Remediate problems
50% have experienced social engineering attacks in the past 12 months, something that policies would address.
Manage systems
• Implement secure operating environments
• Distribute and enforce patch levels
• Automate processes to streamline efficiency
• Monitor and report on system status
87% felt that keeping patches and definition files current was their most effective safeguard.