According to a recent survey, 54 percent of organizations have experienced cyber attacks, with 21 percent of the cyber attacks causing more than $100,000 in measurable damages, and 11 percent causing more than $500,000 in measurable damages.
The 1st Annual Enterprise Security Survey, generated through an online survey of security decision makers spanning a wide range of industries, indicates that a vast majority of businesses are reliant on the Internet to conduct business and have experienced some form of cyber attack in the past year. Additionally, the survey demonstrates a trend in the change in security spending habits due to government regulations such as HIPAA and Sarbanes Oxley.
“It´s clear that today´s organization is becoming more security-aware as they become increasingly inter-connected with customers and partners via the Internet,” said Peter Rendall, president and CEO of Top Layer Networks. “In addition to the recent emphasis on regulatory compliance, new fast-emerging complex cyber threats are driving organizations to formalize their IT security policies and deploy new technologies that help ensure business operations continue uninterrupted.”
According to the survey, 54 percent of respondents have experienced a cyber attack, with 21 percent of respondents projecting damages caused by these attacks reaching more than $100,000. 87 percent of respondents said they were “entirely” or “highly” Internet-reliant. Despite the high-reliance on Internet connectivity, 24 percent of organizations polled do not currently have a formal IT security policy in place for employees, though nearly half are in the planning process.
Quarter of respondents spend more than $100,000 annually to secure access to the Internet. In addition, 35 percent feel that their existing security infrastructure does not offer adequate protection of their servers, and 38 percent feel that existing security infrastructure does not offer adequate protection for their desktops. This explains why nearly 60 percent of respondents reported an increase in spending on information security products from 2004 to 2005 – only three percent reported a decrease in spending. When evaluating network security products, respondents identified the top three purchasing factors as Protection (66 percent), Reliability (63 percent) and Performance (40 percent).
“Protection, reliability and performance are the foundation of effective network security solutions, and it´s crucial that any deployed solution doesn´t negatively impact the business operations of a company itself while providing desired levels of protection,” continued Rendall. “Many solutions on the market can´t offer all three — protection, reliability and performance — so it´s important to navigate the marketing fluff to get to how the technology would work in a real-world environment.”
Security purchases are driven both by regulatory requirements and by the continuous rise of new threats. Nearly two-thirds of polled organizations cited that they must comply with at least one government regulation such as HIPAA, Gramm Leach Bliley or Sarbanes Oxley.
In addition, spyware is perceived to be the most significant upcoming threat for networks with more than 40 percent of respondents identifying it as a threat; 29 percent said worm infections and 24 percent named Distributed Denial of Service (DDoS) attacks as the most significant threats. These are also the same threats that are grabbing headlines in the media.
Intrusion Prevention Systems (38 percent) outpolled Intrusion Detection System (36 percent), as more respondents have come to realize that blocking attacks is preferable to just detecting them.