A whopping 76 percent of survey respondents said their organization experienced a damaging breach within the past 12 months.
We’re all quite aware that cyber-attacks on businesses and individuals are on the upswing, but what we all might not realize is the rampant nature involving the sheer number of attacks and of the damage being done by both hackers and inside-the-firewall crooks.
To better understand the scope of these attacks, the burdens these attacks place on IT departments, and their effects on daily business, QuinStreet Enterprise conducted a survey of IT decision-makers asking about their security concerns. QuinStreet is the publisher of eWeek; the findings were released April 30.
Some of the results may surprise you. For example, the QuinStreet survey reported that a whopping 76 percent of respondents said their organization experienced a damaging breach within the past 12 months. This number is way up from the 40 to 50 percent figures from a year to two years ago recorded in other enterprise security research.
The consequences of these breaches aren’t trivial. They included corruption of servers, prolonged email system failure, revenue loss, customer dissatisfaction, and loss of employee information. The types of information compromised as a result of the breaches included intellectual property, employee and human resources data, customer accounts, and financial information.

Preventing Cyber-Attacks is Job 1 for Many Companies

Another data point: A full 50 percent of respondents consider preventing cyber attacks either the No. 1 most important or at least a top-three issue in their organization, ranking in some cases ahead of product development, customer service and making a profit..
Other key findings from the survey include:
–forty-four percent of respondents said their organization has increased the proportion of its IT budget allocated to security;
–most respondents’organizations have taken some type of new action (post-breach) to prevent new attacks; and
–only 14 percent of respondents reported no breaches of note in the last year. However, this number could be deceiving and not represent the true security picture because many breaches go unnoticed for a long time. This was the case in one recent large-scale breach that went undetected for 18 months.
Cyber thieves are targeting companies of all sizes to compromise systems and steal information that can be used to commit fraud and carry out other crimes. Any of these breaches can lead to additional problems. For example, a compromised server might be used to gain information for other attacks or employee information might be used for identity theft or to craft more realistic (and more targeted) phishing attacks.
Only 29 percent of respondents in companies with less than 1,000 employees reported that they have established best practices to try to get the problem under control.
Best Security Practices Still Need More Attention
In larger organizations (those with 1,000 or more employees), all of these percentages were higher. Fifty-eight percent ranked preventing cyber attacks as the most pressing — or at least top three — IT issue. Thirty-four percent said they have established best practices for the entire company.
If nearly half of enterprises are increasing their security spend, where are the increased dollars for preventing attacks going? Most companies said that after a breach they were adding additional security solutions (software, hardware and accompanying services); reviewing installed solutions to ensure they were up to date; and establishing and updating security best practices.
In large organizations, there is a growing concern about shielding against distributed denial of service (DDoS) attacks. These sophisticated attacks use compromised systems (servers and PCs) and botnets to generate large volumes of traffic aimed at a particular web site. The traffic overwhelms the site, effectively blocking access to the site by legitimate users.
Industry studies have noted that the frequency and size of these attacks has grown significantly in the last year. In the QuinStreet survey, 71 percent of respondents from large organizations rated DDoS security protection as very important.
The increased sophistication and variety of current cyber threats is having an effect on the solutions used to protect companies. In the past, a company might rely on anti-virus software, a firewall, and an intrusion prevention system (IPS); now almost all of the respondents (95 percent) noted that they need multiple solutions — meaning six or more security products.
Trusted Vendors in the Sector
When asked which vendors offered the most comprehensive solution for cyber attacks, Symantec, Cisco, and Intel Security (which includes the security solutions from McAfee) ranked highest, selected by 44 percent, 36 percent, and 32 percent of the respondents, respectively.
Most users also ranked these three companies as the ones with which they had the most familiarity. One additional company with a strong familiarity ranking was Microsoft. However, the rating for the comprehensiveness of its solutions was lower (22 percent) that the other three companies.
Another  significant finding is the increased role of traditional infrastructure companies in providing security solutions. From a familiarity standpoint, the traditional anti-virus security companies (Symantec, Microsoft, Intel/McAfee, Kaspersky, and Trend Micro) all were ranked fairly high.
Cisco, HP, EMC, Dell, and IBM also rated on the high side. This might be due to the changing nature of attacks and their perceived threat. For example, as noted above, protecting against DDoS is now a great concern, and this type of attack needs infrastructure elements to help detect and minimize its impact.
How the Survey was Conducted
The QuinStreet Enterprise security survey was conducted by sending an email invitation for participants to answer an online questionnaire. The email list was derived from visitors to QuinSteet Enterprise B2B web sites. The IT decision-makers who took the survey had to have involvement in the purchase process for security solutions. As an incentive, the first 100 survey respondents received a $10 Amazon gift certificate. All those who completed the survey were eligible for a sweepstakes for one $300 Amazon gift certificate. All told, 387 qualified participants completed the survey.

Leave a Reply