This compares with 64% of respondents who felt their networks were less secure in 2010 and 59% in 2009, indicating that IT professionals perceive increasing security threats to their networks. Ponemon surveyed 688 US IT and IT security professionals for the report.
IT professionals “really feel that their networks have not become more secure year over year”, said C. Edward Brice, senior vice president of worldwide marketing at Lumension.
According to the annual survey, the State of IT Endpoint Risk, organizations have seen an increase of 56% in the vulnerabilities among third-party applications, which is up almost 10% from 2010.
Third-party applications were ranked number one in terms of most concerning risk, yet only 23% of respondents had a patch and remediation strategy in place to secure third-party applications.
Mobile and remote employees risk went up by 4% in 2011 to 49%, while security concern for mobile devices and platforms saw a huge jump from 9% in 2010 to 48% in 2011. In addition, security concerns about removable media, such as USB sticks, jumped from 10% in 2010 to 42% in 2011.
“Enterprise mobility is definitely here, but it seems that IT might be behind the curve in terms of addressing and managing the risk”, Brice told Infosecurity.
Cloud computing infrastructure risk also jumped from 18% in 2010 to 43% in 2011, yet 62% of those surveyed said they have no cloud strategy in place. In addition, 52% of respondents anticipate increased use of virtualization by their enterprise, but close to half said that no one department has responsibility for security measures.
“IT is really focused on how to enable the enterprise to be more agile to ensure that employees are more productive and also reduce their TCO [total cost of ownership]. As a result, we are seeing more security concerns about cloud computing, virtualization, mobile devices, and mobile storage platforms”, Brice said.
While perceived risks are increasing, security budgets remain a concern for IT professionals. While 25% of respondents said their security budgets are expected to increase in 2012, close to one-third of respondents said that insufficient resources are a significant concern. Also, 40% of respondents said collaboration between security and IT is poor and/or nonexistent.
“There is a disconnect between the support IT is getting from the organization both in terms of resources and understanding about the risks”, he said.
“IT is in a position of how to say ‘Yes’ to these new tools, but to do so in a more secure way”, Brice said.
Despite an overall increase in malware incidents from 2010, the concern for malware continues to decrease. According to respondents, on average, malware incidents have nearly doubled to 43% from 27% in 2010, with respondents commenting that they have seen significant increase in the frequency of web-born malware attacks, with more than 50 malware attempts occurring per month within their organizations.
Yet, the concern for malware by IT staff has decreased by 48% from 2010 to 2011. According to the survey, IT staff are more concerned with finding ways to secure new technologies, such as mobile, cloud computing, and social media applications versus formulating a centralized network strategy for security.