Threat Report: Everyday Issues Consume More Time

Thursday, June 23, 2011 @ 12:06 PM gHale

Advanced persistent threat is the popular phrase in the industrial security world these days, but that is not what garners the most attention from specialists, as they spend more time worrying about more mundane threats like spyware and fake antivirus, a new study shows.

Traditional malware and spyware is the No. 1 threat to organizations, while 60 percent consider the infamous targeted attacks in Stuxnet, Operation Aurora, and Night Dragon as minor threats, according to half of the 1,600 IT administrators and managers and C-level executives surveyed from various industries and government agencies in eEye Digital Security’s “2011 Headlines vs. Reality” study.

RELATED STORIES
Cyber Priority: A Nonproliferation Treaty
Stuxnet Threat Lingers; Industry Slow to React
Attackers Poised to Jump on Mistakes

“It was interesting that more than half of the people surveyed are still spending the majority of their time from a security perspective battling common spyware and fake AV versus targeted attacks,” said eEye founder and CTO Marc Maiffret.

But some of them might not know they have been hit by a targeted attack, he said. “Only 12 percent were identifying with Stuxnet, Aurora,” and other targeted attacks.

Nearly 50 percent of the respondents worry about a lack of manpower and technological resources; 42 percent, about improper configurations; 42 percent, about their organization’s inability to defend against zero-day attacks; and 41 percent, about the lack of security insight in compliance, vulnerabilities, and attacks.

The survey also asked how security professionals would spend a 20 percent increase in their budgets. Security reporting and dashboard technologies were at the top of the list with 65 percent; patch management was close behind, with 63 percent, followed by configuration compliance, with 60 percent. Half said they would add more staffers, and 39 percent said they would beef up regulatory compliance reporting.

“But the sad reality is that more than half haven’t had any budget increases,” Maiffret says, citing other findings in the report. Around 57 percent say their IT security budgets remained flat in 2011, while 21 percent saw an increase. And 22 percent say their budgets declined.



Leave a Reply

You must be logged in to post a comment.