89% of security incidents went unreported in 2007
RSA Conference released the results of its recent survey of security professionals regarding the critical industry and infrastructure issues they currently face. The survey identified four specific types of security threats as major pain-points for the industry in the coming year.
Forty-nine percent of respondents cited data leakage of customer or employee data as their primary area of concern. Coming in a close second, concerns about e-mail-borne malware/phishing were cited by 41% of survey respondents. Web-borne malware and insider threats/theft were also worrisome to security professionals, both cited by 36% of the respondents.
When asked about the top security and organizational challenges, 49% of survey respondents cited lost or stolen devices. Tied for second place, 47% of respondents noted both non-malicious employee errors and educating employees. Budgetary constraints trouble 44% of respondents.
54% of respondents admitted that they had dealt with a security incident – defined as an unexpected activity that brought sudden risk to the organization and took one or more security personnel to address – in 2007. Additionally, 13% stated that they addressed more than 20 security incidents during 2007.
Of these incidents, data leakage of customer or employee data, insider threats/theft and intellectual property theft accounted for 29%, 28% and 16% respectively. However, only 11% of those surveyed publicly disclosed any of those security breaches or possible data losses.
In an attempt to uncover the impact of the “Storm” worm and resulting botnet, a backdoor Trojan horse that had detrimental affects on computer operating systems and received extensive media coverage in 2007, the survey found that a mere two percent of organizations were seriously affected by the outbreak. Conversely, 86% said that their organization was not affected by Storm at all.