September 2006 Security Survey: Security Breaches Strike One in Three Companies
By Allan Alter | Posted 09-07-2006
The first set of results from our latest annual Security Survey provides an update from the war zone that is IT security. There's plenty of bad news: more than half of companies over $1 billion report security breaches in the past 12 months, and 45 percent have been targeted by organized criminals. Penetration by spyware and viruses remains a problem, but it's not the only one: nearly half of all companies that have had security breaches say equipment containing company data has been lost or stolen. Many other organizations besides the Veterans Administration and Fidelity Investments have lost laptops containing sensitive personal data.
What's behind these unhappy numbers? We asked respondents to name their top three internal security concerns, and which technologies are seen as the top three security threats. Careless, risky employee behavior, lack of awareness and management resistance still have CIOs worried, while vulnerabilities in Microsoft software top the list of technical threats. In fact, 30 percent say their company has moved some systems off Windows to reduce security risk.
We'll be releasing more findings from the survey each Wednesday this month; see below for the full schedule.
Finding 1: Employee negligence and Microsoft vulnerabilities are considered the most significant IT-security risks.
Finding 2: Almost half of large companies have been targeted by online criminals.
Finding 3: One company in six has lost equipment containing company data in the past year.
For more data and analysis, see CIO Insight's Research Center blog at go.cioinsight.com/researchcentral
Finding 1: Employee negligence and Microsoft vulnerabilities are considered the most significant IT-security risks.
There's been no change in the top employee security concerns. But it is revealing to note that when managers resist security policies, their employees are also less likely to follow their companies' policies. Meanwhile, Redmond's worst fears are coming true: Many companies have reduced their Windows dependency because of security concerns.


Finding 2: Almost half of large companies have been targeted by online criminals.
Besides organized crime mobs, large companies are likely to be targeted by disgruntled ex-employees, because bigger companies tend to have more morale problems, as our August "IT Organization Survey" showed. Large companies may also report more attacks because they have invested in detection technology, while crooks and malcontents at smaller companies could be flying under the radar.

Finding 3: One company in six has lost equipment containing company data in the past year.
Many of the year's biggest IT-security news stories, such as the Veterans Administration scandal, involved stolen laptops or equipment. These were not isolated incidents: One in three of our respondents admit to security breaches in the past year. And of those, nearly half say these breaches involved lost or stolen equipment. Viruses and spyware remain the most common problems.
