75 Percent Of Enterprises Experienced Cyber Attack In 2009: Study

Symantec's 2010 State of Enterprise Security study, conducted throughout January and released Monday, explored the issue of security in relation to enterprise organizations. It was based on responses to surveys of 2,100 enterprise CIOs, CISOs, and IT managers from 27 countries.

The largest percentage of respondents (42 percent) rated cyber security as their top priority, ranking it over traditional criminal activity (17 percent), brand-related issues (17 percent), natural disasters (14 percent) and terrorism (10 percent).

The Symantec study found that cyber attacks cost businesses an average of $2 million per year -- up to $2.8 million in large enterprise organizations.

Enterprises report that attacks have become more frequent. Three-fourths of organizations say they have been victims of a cyber attack in the last 12 months, while 29 percent of companies say that attacks have increased over the last year.

In addition, every enterprise surveyed (100 percent) reported some kind of loss due to cyber activity in 2009, with the top three being theft of intellectual property, theft of customer credit card or other financial information, and theft of customers' personally identifying data. The losses led to significant costs for 92 percent of the respondents, primarily due to loss of employee productivity, loss of revenue, and customer attrition due to loss of trust.

However, despite the increasing severity of threats, enterprises claim that protecting networks from threats is becoming more of a challenge in light of reduced staffs, slashed budgets, and a slew of new IT initiatives and compliance regulations. First of all, enterprise security is typically understaffed, with the most heavily targeted areas being network security, endpoint security and messaging security.

New technologies and outsourcing initiatives, such as infrastructure-as-a-service, server virtualization and endpoint virtualization, exponentially increase the challenge of adequately securing data. Meanwhile, enterprises face increasingly stringent compliance regulations, while adhering to at least eight of the 19 regulatory mandates, including PCI, ISO, HIPAA, Sarbanes-Oxley, CIO and ITIL.

To help reduce the risk of a cyber attack, Symantec security researchers recommend that enterprise organizations take an information-centric approach when securing data, while implementing comprehensive Web, messaging, endpoint and network security technologies. Additionally, internal servers should be equipped with backup and recovery solutions in the event of a natural disaster or cyber attack.

Large organizations need to prioritize data and develop, implement and enforce comprehensive IT security policies around their most critical information, while implementing a system of monitoring and reporting for necessary audits.

Finally, enterprises need to ensure a secure operating environment by keeping patches installed and up-to-date and automating processes to increase efficiency.