A new generation of unknown security threats stemming from technologies such as BYOD, mobility, cloud computing, and internet usage, as well as internal actions both accidental and malicious, introduce organisations to a multitude of new risks. That is according to an IT firm’s security survey. However, the majority of IT leaders around the world say they don’t view these threats as top security concerns. In fact, less than one-fifth (18 percent) consider predicting and detecting unknown threats as a top security concern today (22 percent in the UK).
According to Dell threats come from all IT perimeters, both inside and outside of the organisation and are often hidden in poorly configured settings or permissions, and ineffective data governance, access management and usage policies. The survey of public and private sector security decision-makers gauged their awareness of, and preparedness for this new wave of threats plaguing IT security.
Findings include:
· 64 percent of respondents agree that organisations will need to restructure/reorganise their IT processes, and be more collaborative with other departments to stay ahead of the next security threat. Of those surveyed in the United States, 85 percent said this approach is needed, contrasting with the UK (43 percent) and Canada (45 percent), which were the least convinced this would be necessary
· Nearly 90 percent of respondents believe government should be involved in determining organisations’ cyber defense strategies, and 78 percent in the United States think the federal government plays a positive role in protecting organisations against both internal and external threats, which underscores the need for strong leadership and guidance from public sector organisations in helping secure the private sector. The UK (22 percent) ranked second highest in the number of respondents who would prefer the Government had ‘no role at all’ with Canada ranking top with a quarter of respondents (25 percent) selecting this option.
Inside and outside
The spike in social engineering, malicious and/or accidental internal attacks, as well as sophisticated, advanced persistent threats means the organisation is vulnerable from all directions. All stakeholders must the IT firm says take action to strengthen access to points inside and outside the perimeter, and help users prevent such attacks.
· 67 percent of survey respondents say they have increased funds spent on education and training of employees in the past 12 months (55 percent in the UK); 50 percent (globally and in the UK) believe security training for both new and current employees is a priority
· 54 percent have increased spending in monitoring services over the past year (42 percent in the UK); this number rises to 72 percent in the United States
Among the IT decision-makers surveyed, BYOD, cloud and the internet were the top areas of concern for security threats.
· BYOD ─ A sizable number of respondents highlighted mobility as the root cause of a breach, with increased mobility and user choice flooding networks with access devices that provide many paths for exposing data and applications to risk.
o 93 percent of organisations surveyed allow personal devices for work (88 percent in the UK). 31 percent of end users access the network on personal devices (37 percent in the United States; 24 percent in the UK)
o 44 percent of respondents said instituting policies for BYOD security is of high importance in preventing security breaches (46 percent in the UK)
o 57 percent ranked increased use of mobile devices as a top security concern in the next five years (71 percent in the UK)
o 24 percent said misuse of mobile devices/operating system vulnerabilities is the root cause of security breaches (16 percent in the UK)
· Cloud ─ Many organisations today use cloud computing, potentially introducing unknown threats that lead to targeted attacks on organisational data and applications. Survey findings prove these stealthy threats come with high risk.
o 73 percent of respondents report their organisations currently use cloud (90 percent in the United States; 66 percent in the UK)
o Nearly half (49 percent) ranked increased use of cloud as a top security concern in the next five years (47 percent in the UK), suggesting unease for the future as only 22 percent (globally and in the UK) said moving data to the cloud was a top security concern today
o In organisations where security is a top priority for next year, 86 percent are using cloud
o 21 percent said cloud apps or service usage are the root cause of their security breaches (16 percent in the UK)
· Internet ─ The significance of the unknown threats that result from heavy use of Internet communication and distributed networks is evidenced by the 63 percent of respondents who ranked increased reliance upon internet and browser-based applications as a top concern in the next five years.
o More than one-fifth of respondents (21 percent) consider infection from untrusted remote access (public wifi) among the top three security concerns for their organisation (16 percent in the UK)
o 47 percent identified malware, viruses and intrusions often available through web apps, OS patching issues, and other application-related vulnerabilities as the root causes of breaches (43 percent in the UK)
o 70 percent are currently using email security to prevent outsider attacks from accessing the network via their email channel (77pc in the UK)
Known and unknown
The survey suggested that 76 percent of IT leaders surveyed (93 percent in the United States; 77 percent in the UK) agree that to combat today’s threats, an organisation must protect itself both inside and outside of its perimeters. This requires not only a comprehensive set of solutions that protects from the inside out and the outside in ─ from the endpoint, to the data center to the cloud ─ but one that also connects these capabilities to provide deeper insights and stronger predictive analytics so that strategic action can be taken quickly.
Matt Medeiros, vice president and general manager, Dell Security Products, Dell Software Group, said: “Traditional security solutions can defend against malware and known vulnerabilities, but are generally ineffective in this new era of stealthy, unknown threats from both outside and inside the organisation. These threats evade detection, bypass security controls, and wreak havoc on an organisation’s network, but, despite these dangers, our study found, among those surveyed, organisations are just not prepared. There is still a disturbing lack of understanding and awareness of the type of impact and detriment caused by the unknown threats that can come from both sides of an organisation’s perimeter. As a result, we believe a new security approach is needed ─ one that’s embedded in the fabric of software, governing access to every application and protecting every device, both inside and outside a corporate network. Only then will organisations have a chance at keeping one step ahead of these epidemic threats that can significantly damage their network.”
About the survey
Dell Software commissioned Vanson Bourne to survey 1,440 IT decision makers in organisations with 500+ employees or end users. The survey took place from October-November 2013 and across: the U.S. (300), Canada (60), U.K. (200), France (200), Germany (200), Italy (60), Spain (60), India (200), Australia (60), and Beijing (100). Both the private and public sectors were interviewed with specific focuses on: retail, consumer products, manufacturing, higher education, education (excluding higher), government/public services, healthcare (private and public), financial services, and other commercial sectors.
