2010 state of enterprise security
Post on 19-Oct-2014
7.586 views
DESCRIPTION
The 2010 State of Enterprise Security report is based on input from 2100 enterprises around the world. The report finds that security it IT’s top concern as organizations experience frequent and increasingly effective cyber attacks. The costs of these attacks is high, and enterprise security is becoming more difficult. Symantec provides key security strategies to help security IT cope with this challenging landscape. For a copy of the report visit bit.ly/daxAhb.TRANSCRIPT
2010 State of Enterprise Security
Global Results
Methodology
• Applied Research performed survey
• January 2010
• 2,100 worldwide enterprises
– Small (500-999 employees)
– Mid (1,000-4,999 employees)
– Large (5,000+ employees)
• Cross-industry
• CIO/CISO and IT management
2
Key findings
• Enterprise security is IT’s top concern
• Enterprises are experiencing frequent attacks
• Costs of cyber attacks are high
• Enterprise security becoming more difficult
3
Enterprise security is IT’s top concern
• 42 percent rank cyber risk as their top concern, more than natural disasters, terrorism and traditional crime.
• “Better manage business risk of IT” is second ranked goal
• 120 staff assigned to security/IT compliance
• Half forecast significant changes to enterprise security
4
Frequent attacks
• 75% experienced cyber attacks in past 12 months
• 36% say attacks were somewhat/highly effective
• 29% saw increase in attacks in past 12 months
5
Costs of cyber attacks are high
• 100% have experienced cyber losses
• 92% have seen costs as a result
• Annual cost of cyber attacks: $2.0M (USD)
6
Security becoming more difficult
• Enterprise security is understaffed
• New IT initiatives complicate matters
• Compliance is huge issue with a typical enterprise exploring 17 different standards or frameworks and using an average of 8
7
Recommendations
• Protect the infrastructure
• Protect the information
• Develop and enforce IT policies
• Manage systems
8
Protect the infrastructure
• Secure endpoints
• Protect email and Web
• Defend critical internal servers
• Backup and recover data
9
Only 44% of organizations reported using client-intrusion detection.
Protect the information
• Discover where sensitive information resides
• Monitor how data is being used
• Protect sensitive information from loss
10
77% are somewhat/extremely concerned about losing confidential or proprietary information.
Develop and enforce IT policies
• Define risk and develop IT policies
• Assess infrastructure and processes
• Report, monitor and demonstrate due care
• Remediate problems
11
50% have experienced social engineering attacks in the past 12 months, something that policies would address
Manage systems
• Implement secure operating environments
• Distribute and enforce patch levels
• Automate processes to streamline efficiency
• Monitor and report on system status
12
87% felt that keeping patches and definition files current was their most effective safeguard.