These attacks have cost businesses an average of 2 million dollars per year. Also, the agencies reported that corporate security has become increasingly difficult because of lack of staff and new IT initiatives to intensify the security and compliance policies. The study is based on 2100 surveys executives CIO and CISO, and IT managers from 27 countries and was held in January 2010.
"The protection of information is now one of the most demanding projects needed to implement an enterprise" Mr Christos Ventouris , Technology Specialist area of Enterprise Security company Symantec. "Creating a comprehensive safety plan for protecting infrastructure and information, requiring compliance policies and systems are managed effectively, companies can increase their competitive advantage in the professional arena."
Key points of the study
-Security is a major issue in global business. 42% of companies assess the risk of the Internet as their main concern, more than the combination of natural disasters, terrorism and traditional crime. As a result of this perception, the IT focus on adherence to corporate security.
Companies evaluate the "Better management of business risk in IT" as one of the key objectives for 2010, while 84% evaluate this objective as very / fairly important.
Almost all enterprises views having been (94%) predicted changes in the security field in 2010, with half (48%) consider that there are significant changes in corporate security.
-Companies are frequently attacked. Over the past 12 months, 75% experienced cyberattacks, while 36% felt that the attacks were almost / very effective. In the worst situation was found a 29%, which saw an increase in attacks over the last 12 months.
All-Business (100%) sustained kyvernoapeiles in 2009. The three main losses were reported intellectual property theft, theft of customer credit card numbers or other financial information and theft of personal customer information. These losses translated into a monetary cost for 92% of cases.
The three main costs for the company revealed a productivity, revenue and loss of customer confidence. The companies reported that they spent an average of 2 million U.S. dollars annually to combat kyvernoapeiles.
-Corporate security has become increasingly difficult because a number of factors. First, corporate security is lack of personnel to the areas most affected are the network security (44%), safety terminal (endpoint -44%) and security in Instant Messaging (39%).
Second, firms start new initiatives that make the security process more difficult. The initiatives that the industry considers IT as the most problematic in terms of security are: infrastructure-as-a-service, platform-as-a service, server virtualization, endpoint virtualization and software-as-a-service.
Finally, compliance in IT is also a big commitment. Large companies in their majority consider 19 different IT standards or frameworks within which to operate, and is currently operating with only 8 of them. The core standards include ISO, HIPAA, Sarbanes-Oxley, CIS, PCI, and ITIL.
Suggestions
-Organizations need to protect their infrastructure to insure the endpoints and the environment internet and instant messaging in which they operate. Additionally, the protection of critical server and implement a plan to back up and recover data should be located in their priorities. Organizations also need specialists who will provide them with security information which can respond quickly to threats.
-The managers of IT should provide for the protection of information, taking an approach that focuses on information to protect themselves and their interactions with it. Taking an approximate knowledge of the contents of the information we need to know sensitive information residing, who has access and how they enter or leave the organization.
-Organizations need to develop and enforce compliance policies to automate compliance procedures within the company. Putting priorities in identifying risks and policies that span all locations, customers can make stronger policies through integrated automation and workload, not only to recognize threats, but to be able to rectify incidents when they occur or to prevent even before they occur.
-Organizations must manage their systems by implementing safe operating environment, distributing and supporting the corresponding patch levels, automating processes and improving efficiency while controlling and often indicate the status of the system.
PDF: The results of the study "2010 Symantec State of Enterprise Security Study"
SOURCE: Press Release
0 comments:
Post a Comment