How Do IT Security Professionals Prioritize




WHITE PAPER

How Do IT Security Professionals Prioritize
Headlines versus Reality: Survey Report

Table of Contents

Executive Summary
Recommendations
Survey Statistics
Methodology
About BeyondTrust

© 2013. BeyondTrust Software, Inc.

Executive Summary

High-profile cyber attacks, like hurricanes, have their own names and generate a lot of coverage on the cyber security beat. Threats like Stuxnet, Aurora, and Night Dragon have received a lot of attention of late, but of more immediate concern to most IT security professionals are the threats they don't hear about in the news. A survey by BeyondTrust, a provider of IT security and unified vulnerability management solutions, reveals that the majority of IT professionals surveyed view common malware and spyware threats to their networks and IT assets as their number-one concern, not the headline-making attacks.

This report analyzes the results of BeyondTrust's "Headlines vs. Reality" survey of 1,677 respondents, including IT and IT security administrators and managers, and C-level executives from companies big and small in a number of industry verticals. The survey identifies what threats they're most concerned about, where they believe their IT assets are vulnerable, and what security improvements they would make if they got a hypothetical 20 percent increase in their budgets.

The survey reveals that those high-profile attacks, while significant, often are aimed at specific targets and are of little threat to the broader community. Stuxnet, for instance, was a computer worm discovered in July 2010 that did attack Microsoft Windows computers (a ubiquitous operating system, of course), but it was primarily aimed at disrupting the nuclear enrichment program of Iran. Sixty percent of the infected computers were in that country.

Likewise, Operation Aurora in 2009 was a worm originating in China and targeting a number of high tech and defense contractor firms including Symantec, Adobe Systems, and Northrop Grumman. Its most high-profile target was Google, which accused the perpetrators of hacking the Gmail accounts of Chinese dissidents. Aurora was a big story but it was still relatively limited.

Lastly, Night Dragon was a cyber attack focused on companies in the oil, gas, and petrochemicals industries. If you were in any of those industries, that was a big threat, but if not, your attention was best directed elsewhere.

Those named threats were of little concern to IT professionals in the BeyondTrust survey. Stuxnet was identified as a large or very large threat by only 12 percent of respondents, Aurora by only 12 percent, and Night Dragon by only 10 percent. Instead, 55 percent of respondents identified common malware and spyware as a large or very large threat to their organization.

The survey drilled further down into their top concerns (based on a "select all that applies" response):

- 48 percent of respondents are concerned over a lack of human and technological resources to improve security.
- 42 percent of respondents are worried about improper configurations that could leave them vulnerable.
- 42 percent said they are worried over their inability to protect against zero-day vulnerabilities, which are unidentified or unpatched threats.
- 41 percent said they are concerned over a lack of security insight into compliance issues and vulnerabilities and attacks. Organizations are usually subject to industry and government security requirements.

Recommendations

TAKE A MULTI-PRONGED APPROACH

Organizations need a multi-pronged approach to protecting themselves from common malware and spyware attacks that includes better patch management, tighter configuration control, and improved network security management. Sometimes, organizations are advised to apply so many patches that they have to prioritize which ones to apply first, leaving them potentially vulnerable to the issues addressed by the patches they don't get to.

UPGRADING HELPS

IT professionals are also constantly busy performing software configuration management (SCM) to apply software updates or migrate to newer versions of software. The Operation Aurora attacks, for instance, were most successful attacking the outdated Internet Explorer 6 Web browser; if the targeted organizations had upgraded to IE 8, they would have been better protected. Likewise, the latest network security tools will usually be more effective than older ones.

BUDGET WISH LISTS FURTHER SUPPORT PRIORITY STACK

To determine how organizations would try to improve protection against malware and spyware, BeyondTrust asked respondents how they would spend a hypothetical 20 percent increase in their IT security budgets (based on a "select all that applies" response):

- 65 percent said they would invest it in security reporting and dashboard management technologies.
- 63 percent said they would invest in patch management.
- 60 percent said they would invest in configuration compliance.
- 52 percent said they would hire additional personnel.
- 39 percent said they would invest in regulatory compliance reporting.

Alas, for most of the respondents, that 20 percent budget boost will remain hypothetical. The survey showed that only 21 percent of respondents received an increase in their IT security budgets the next year, while 57 percent saw no increase and 22 percent suffered a budget cut.

Survey Statistics

Chart 1

Overview: High-profile attacks, while significant, often are aimed at specific targets and are of little concern to the broader community. Named threats, such as Stuxnet, Operation Aurora, and Night Dragon, are of little concern to IT professionals.

Conclusion: Stuxnet was identified as a large or very large threat by only 12 percent of respondents, Aurora by only 12 percent, and Night Dragon by only 10 percent. Instead, 55 percent of respondents identified common malware and spyware as a large or very large threat to their organization.

Chart 2

Overview: IT security professionals are really concerned about security foundations.

Conclusion: Leading concerns include lack of security resources (human, hardware, or software) (47%), improper configurations (42%), and inability to protect against zero-day vulnerabilities (42%).

Chart 3

Overview: To determine how organizations would try to improve protection against malware and spyware, BeyondTrust asked respondents how they would spend a hypothetical 20 percent increase in their IT security budgets.

Conclusion: Top spend areas include security reporting and dashboard management technologies (65%), patch management (63%), and configuration compliance (60%).

Chart 4

Overview: For most of the respondents, that 20 percent budget boost will remain hypothetical.

Conclusion: The survey showed that only 21 percent of respondents received an increase in their IT security budgets for the next year, while 57 percent saw no increase and 22 percent suffered a budget cut.

Methodology

In order to get as accurate a picture of the IT security landscape as possible, BeyondTrust surveyed a broad cross-section of organizations. Respondents came from the energy, financial services, government, healthcare, high tech, and retail sectors. Twenty-nine percent of respondents are from organizations with 4,000 employees or more.

The "Headlines vs. Reality" survey delivers insight into the vulnerabilities that organizations face and how they work to protect themselves from the ever-changing and ever-challenging threats from cyber criminals and other network security risks.

Out of necessity, IT professionals have an increasingly clear idea of what threats exist (it's tough to ignore the headlines), but in addition to managing security, they're also tasked with trying to use IT to strengthen their business, and to reach and serve customers. High-profile attacks may not affect them directly, but the attention those cases get raises awareness of the importance of IT security. As this subject continues to enter the forefront of business, more focus will be brought to implementing the very best security practices and solutions available, not just what budgets presently allow.

About BeyondTrust

With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity Management (PIM) and vulnerability management solutions for dynamic IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world's 10 largest banks, seven of the world's 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities.

The company is privately held, and headquartered in San Diego, California. For more information, visit beyondtrust.com.

Contact Info

North American Sales
1.800.234.9072
sales@beyondtrust.com

EMEA Sales
Tel: + 44 (0) 8704 586224
emeainfo@beyondtrust.com

CONNECT WITH US
Twitter: @beyondtrust
Facebook.com/beyondtrust
Linkedin.com/company/beyondtrust
www.beyondtrust.com

Corporate Headquarters
550 West C Street, Suite 1650
San Diego, CA 92101