Greater Allocation of Resources Not Resulting in Fewer Intrusions
BOCA RATON, FL and ALBUQUERQUE, NM, Oct. 23, 2007/PRNewswire/ — According to the Third Annual Enterprise IT Security Survey of 350 IT managers and network administrators commissioned by VanDyke Software that examines best practices in intrusion defense, not only is there an increased numberof IT professionals monitoring and maintaining their computers and networks, but IT managers and network administrators are also spending more time in their work week monitoring and maintaining user machines, office networks and servers. Despite this, the levels of unauthorized access/intrusions are holding steady, with significant exposures of sensitive data and potential financial impact on organizations.
Intrusions and damage done.
In 2007, more than one-third (38%) of the survey respondents reported that at least one of the user machines at their office had a successful intrusion by a hacker or other unauthorized person in the past two years. Results were similar in 2006 (37%) and 2005 (36%). Among those reporting an unauthorized intrusion of at least one user machine in 2007, a strong majority (64%) categorized the potential financial impact as being of “high impact” (16%) or “medium impact” (48%). More than half indicated that information that might have been obtained was either “highly sensitive” (14%) or “sensitive” (38%), with less than half reporting that the information was only “somewhat sensitive” or “not sensitive at all”.
The survey results were even more alarming for unauthorized access of office networks and servers, with over two-thirds of those reporting an intrusion indicating that it was of “medium” or “high” impact, and over half reporting that “sensitive” or “highly sensitive” information might have been obtained. Only a small proportion (12%) of those experiencing an unauthorized intrusion of their enterprise servers characterized the obtained information as “not sensitive at all”.
While the percentage of enterprises experiencing unauthorized access/intrusions has not changed significantly from year to year, the proportion of enterprises taking steps to “lock down” user machines / office network has remained high (91% in 2007, 88% in 2006, and 90% in 2005). Similarly, the proportion using firewalls, scanners, detection systems, or other security measures to “lock down” servers remained high (91%, 89%, and 89%).
Unauthorized access/intrusion levels similar three years running.
For each of the past three years, the survey has asked respondents whether there has been a successful intrusion of at least one user machine, their office network, or one or more servers. The results have remained almost identical from year to year: user machines (2007 – 38%, 2006 – 37%, 2005 – 36%); office network (2007 – 28%, 2006 – 27%, 2005 – 29%); and servers (2007 – 26%, 2006 – 25%, 2005 – 26%). “The findings of the survey suggest that while enterprises are committing more time and resources to fighting hackers and unauthorized intrusions, the challenges are ongoing, and the threat is still out there, capable of causing damage financially and lifting sensitive data,” said Jeff P. Van Dyke, president and founder of VanDyke Software, which has commissioned the Amplitude Research survey for three consecutive years.
Weekly monitoring vs. daily monitoring.
More than half (57%) participating in the 2007 survey reported spending at least 25% of their time monitoring, maintaining, or updating their user machines, office network, or servers, with just over one-third (30%) devoting at least 50% of their time. This was a significant increase compared to the 2006 survey results (48% spent at least 25% of their time) and 2005 survey results (42% spent at least 25% of their time). Because the 2007 results indicate consistent hardware levels among the respondent enterprises and no significant increase in the use of automated scripts, this suggests that IT professionals are having a very busy year handling security and maintenance tasks.
Despite the trend toward spending a larger share of the workweek on monitoring and maintenance, the percentage of respondents actively monitoring security on a daily basis declined significantly. Among those actively monitoring the security of their user machines / network, the proportion doing so on a daily basis declined from 39% in 2005 to 37% in 2006 to 28% in 2007. Similarly, among those actively monitoring the security of their servers, the proportion doing so on a daily basis declined from 45% in 2005 to 43% in 2006 to 35% in 2007. Steve Birnkrant, CEO of Amplitude Research, noted that “one possible explanation for this is better targeting of resources while, perhaps, a more negative interpretation is that IT managers and network administrators are overloaded with tasks.”
The 2007 study was conducted by Amplitude Research over the period October 2nd to October 5th 2007 among its nationwide web panel and had 350 total survey respondents with a margin of error of 5.2%. To obtain an executive summary of the 2007 survey results, contact Michael Krems of Krems Public Relations at krems@kremspr.com.
About Amplitude Research, Inc.
Amplitude Research® is a privately owned survey research organization headquartered in Boca Raton, Florida, with blue chip clients located throughout the United States and Canada. Amplitude combines its powerful survey platform, experienced survey administration, proprietary web sample, and high-quality reporting to deliver Loud and Clear™ results. Its leadership team has over 30 years of experience in quantitative survey research, and is supported by its staff of survey design experts, statisticians, project managers and IT professionals.
Amplitude's 10,000+ member IT panel (www.panelspeak.com) was formed in early 2002 and consists of five distinct segments: (i) C level or higher IT professionals including CTOs, CIOs, and MIS managers; (ii) developers, software engineers, programmers, database administrators, and security experts; (iii) systems administrators, network administrators, and networking managers; (iv) business executives at smaller size technology companies such as CEOs, CFOs, and senior managers; and (v) other IT professionals such as project managers, technical support specialists, and intranet managers.
The name "Amplitude" Research and its tagline "loud and
clear" signify Amplitude's commitment to high-quality reporting
with clear and concise presentation of the findings.
About VanDyke Software, Inc.
IT professionals who are responsible for network administration and end-user access where security is critical rely on VanDyke Software's rock solid and easy to configure software. The company develops secure, standards-based data access, file transfer, and communications software for internet and intranet use by corporations, government, and education. VanDyke Software consistently delivers accurate, responsive support, and addresses its customers' evolving needs with timely product enhancements. VanDyke offers a fully-supported 30-day evaluation of its products prior to purchase. For more information about VanDyke Software, visit the company's web site at www.vandyke.com.
"Thanks for the new feature and for the notification that it had been added — I don't really know of any other developer that notifies people who have given feedback like you guys do. That makes for very happy customers."
—Burt Heymanson, SecureCRT Customer
"I would like to thank you for the amazing quality of service and SecureCRT support you give to us."
—Anton Starovoytov, Solarix Networks, SecureCRT Customer
"Thank you for a great release! I've been actively using SecureCRT for many, many years and it's simply the best SSH client in existence!"
—Rich Tricoche, SecureCRT Customer
VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.
Here you can control cookies using the checkboxes below. Some cookies are essential for the use of our website and cannot be disabled. Others provide a convenience to the user and, if disabled, may reduce the ease of use of our site. Finally, some cookies provide anonymous analytic tracking data that help us provide the user with a richer browsing experience. You can elect to disable these cookies as well.
