Meanwhile, intrusion rates experienced by large enterprises have been up and down over the past three years; this year there was a significant decline among large companies reporting a successful intrusion, from 67% in 2010 to 49% in 2011, according to a survey of 350 IT managers and network administrators.
In the previous year’s study, a significant increase of intrusions among large companies was reported, jumping from 41% in 2009 to 67% in 2010. However, the number of large companies that reported an intrusion declined from 56% in 2008 to 41% in 2009.
For midsize companies, the last four years of the survey results have been steady: 58% experienced intrusions in 2011, 59% in 2010, 57% in 2009, and 61% in 2008.
“It doesn’t appear that there has been much progress overall in fighting off intrusions….Organizations are really struggling with hackers and other types of people causing unauthorized intrusions”, Steve Birnkrant, chief executive of Amplitude Research, told Infosecurity.
Respondents who reported a successful intrusion identified the following reasons: lack of adequate security policies/measures (17%), hacker/network attack (14%), employee carelessness/negligence (12%), unauthorized access by current/former employees (11%), virus/malware/spyware (10%), employee web usage (6%), lack of software updates (6%), and software security flaw/bug (6%).
In addition, more than one-fourth (26%) reported that their employer outsourced technology jobs to an offshore location such as India, China, or another foreign country – similar to the results in 2010 (28%) and 2009 (29%). Those organizations that outsourced technology jobs offshore were largely divided in 2011 over whether this had a positive impact (36%) or a negative impact (36%) on their organization’s network security. At the same time, 28% felt there was no impact.
Survey respondents whose organizations outsourced technology jobs were not as evenly divided on this issue last year. Nearly half (48%) thought that outsourcing had a negative impact on their organization’s network security. On the other hand, only 21% in 2010 felt it had a positive impact.
“It looks like organizations are warming up to outsourcing. There has been a shift in sentiment away from negative toward positive feelings about outsourcing technology jobs offshore….Some of the IT managers are saying that outsourcing has worked out well for them, so based on that experience they are not as concerned that it is having a negative impact on their network security”, Birnkrant said.
On cloud computing, 41% of respondents indicated that their company allows cloud-based file sharing applications to be run on their internal systems.
When asked which cloud-based file sharing services were allowed on their network, the most common selection was Dropbox (51%), followed by Syncplicity (25%), SparkleShare (25%), LiveDrive (24%), and LiveMesh (23%).
Although 41% allowed cloud-based file sharing applications to be run on their internal systems, 55% indicated this was not allowed (while 4% did not know). At organizations where this was not allowed, the most common reason for not allowing them involved security concerns (47%), although many others did not feel the need for this service (23%).