Brocade, which interviewed 144 RSA Conference attendees from a wide variety of different sectors, found that 18% of respondents believed company security policies were being totally enforced. One in 10 respondents felt that not enough policies were being enforced effectively at the network security level, however. The remainder fell somewhere in between.
Brocade also found that almost half of all respondents believe their network security solutions are less than 25% effective in stopping security threats. Forty-eight percent of them said that their network security stopped one in four or fewer network attacks against their organizations (although how can they be sure how many attacks hadn't been stopped?). As Donald Rumsfeld famously said, there are lots of unknown unknowns. It wasn't clear from the survey whether this was down to poor configuration, or inadequate equipment.
Half of all respondents were most worried about insider threats, particularly individuals selling sensitive information to competitors. Significantly, threats by foreign governments were the next most serious concern, with 15% of respondents pinpointing this issue. This reflects the mounting coverage of cyber espionage incidents that we are now calling advanced persistent threats, which are now happening at an international scale, such as Operation Aurora, that emerged in January.