Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, October 11, 2010

Most large companies hit by hack attacks, survey shows

That’s what a survey of 350 IT and network professionals would indicate, with large companies in particular reporting this to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers.  The Sixth Annual Enterprise IT Security Survey, released Monday, found that 67% of large companies with 5,000 or more employees reported one successful intrusion or more this year, compared with 41% in 2009.  For the first time, the survey, sponsored by VanDyke Software and undertaken by Amplitude Research in mid-September, delved into what the survey respondents believed primarily caused the network intrusion.

Fourteen percent of those surveyed attributed their intrusion problem to “hacker/network attack,” 12% cited “lack of adequate security policies/measures,” 10% said “employee Web usage,” 9% pointed to “virus/malware/spyware,” 8% faulted other employee carelessness, negligence,” 6% said “unauthorized access by current/former employees,” 5% blamed “weak passwords,” 5% thought it was because of “lack of software updates,” and 5% simply said “software security flaw/bug.”

About half of respondents said their organizations have a formal security audit by an outside organization at least once a year, up from 35% in 2009.  Forty-seven percent felt internal audits helped identify security problems, but 30% said the audit didn’t go far enough and 40% felt the audits should occur more frequently.

Posted on 10/11