Organizations saw an increase in targeted attacks in 2006 and a new survey shows the majority of IT professionals (67 percent) expect even more zero-day threats in 2007. PatchLink Corporation announced findings from a comprehensive customer survey addressing network attacks, Microsoft Vista and security plans for 2007. The survey was completed by more than 200 CIOs, CSOs, IT managers and network administrators across Europe, Asia Pacific and the United States.
Network Attacks & Vulnerabilities
More than half of respondents (59 percent) say their network was attacked by a virus in the past two years. And 51 percent confirm they’ve seen an increase in non-Microsoft vulnerabilities. In fact, an overwhelming majority of IT administrators (97 percent) feel Microsoft’s operating system is still the most prone to attack while 88 percent say their main security concern is protecting
“With the proliferation of zero-day threats and the recent third-party patches, it’s crucial that we have a process in place for quickly deploying the most up-to-date vulnerability remediation across our network,” said Gabriel Selmi, network administrator at Advanced Behavioral Health. “Whether fixing known vulnerabilities or applying workarounds, it’s important that we take every step to protect ourselves.”
More than half of IT professionals surveyed (51 percent) feel Microsoft Vista will be a more secure operating system than Windows XP, yet only 44 percent plan to implement it at their organizations; 63 percent of those respondents will deploy it in the next year. That being said, IT administrators don’t anticipate that Vista will solve all of their security concerns as the majority of people (72 percent) feel the patch management process will remain the same with Vista as it is with Windows XP. In fact, 59 percent of respondents plan to use third-party solutions in addition to the built in security features of Vista.
2007 Security Predictions
While 89 percent of executives say their organization is more secure now than it was one year ago, IT professionals are not taking any chances as the survey shows 66 percent plan to spend more on security in 2007 than they did in 2006. Additionally, 67 percent of respondents anticipate an increase in zero-day threats next year. Twenty-nine percent of administrators say the zero-day increase is the primary issue driving their security budget, with regulatory compliance in second (23 percent) and 21 percent saying the growing mobile workforce is the number one factor influencing their 2007 security budget.
The abundance of security concerns is enough to keep IT professionals from getting a good night’s sleep. When asked what keeps them awake at night, it was a tight race between malware/spyware (36 percent), zero-day vulnerabilities (34 percent) and insider threats (33 percent).