RSA Conference released the results of a recent survey of security professionals regarding the critical security threats and infrastructure issues they currently face, including those exacerbated by the current economic climate.
The study, “What Security Issues Are You Currently Facing?,” includes responses from nearly 150 C-level executives and professionals charged with directing, managing and engineering security infrastructures within their respective organizations.
The study indicates that even though practitioners are most concerned about email phishing and securing mobile devices, technologies addressing these needs are at risk of being cut from IT budgets. Seventy-two percent of respondents indicated a rise in email-borne malware and phishing attempts since fall 2008, with 57% stating they have seen an increase in Web-borne malware. Concerns about zero-day attacks and rogue employees as a result of layoffs were cited by 28% and 26% of survey respondents, respectively.
When asked about the top security and organizational challenges they expect to face in the next 12 months, 57% of respondents cited budgetary constraints; 44% cited employee education as a major concern and 40% called out lost or stolen devices.
The survey also asked what technology investments will likely be bypassed or curtailed due to spending freezes and budget cuts. Given the above information, however, the survey illustrates that even though employees are seeing increases in email- and Web-borne malware and phishing, IT budgets are not being sufficiently allocated to defend against these issues.
Specifically, the survey demonstrates that even though 72% of respondents have seen a rise in email-borne malware and phishing, 8% still plan on cutting money that would previously be earmarked to attempt to mitigate those risks. Even more alarmingly is that 40% of respondents admitted that securing lost or stolen devices – like the iPhone or Blackberry – is a top concern in the coming year, yet 15% of those surveyed will be reducing spending in this area.
In an attempt to uncover the impact of the recent Twitter and Facebook phishing attacks that have received extensive media coverage over the last several months, RSA Conference asked respondents how their organizations were affected. The survey found that while 84% of respondents allow the use of these tools, only a mere 3% were seriously affected by the attacks. Conversely, 73% said that their organization was not impacted at all and 24% indicated they were somewhat affected.
“We rely on the real world experiences of security practitioners to develop the educational programming and the agenda at RSA Conference,” said Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conference. “This survey not only serves as a benchmark for the industry and a vehicle to learn from one another, but also provides insight into the issues that may become the content focus of RSA Conference 2010.”