The 2010 survey is complete, and I have dug through it and have the following thoughts to offer. First off though – thank you to Symantec for making the information so readily available. They have provided the slides via slideshare, the PDF report, and the press release. My efforts below are not to reproduce the report, but instead to carry the ideas and findings one step further. In addition, my hopeful final goal is to challenge the report and certain aspects of the findings in the spirit of relative context.
“Enterprise security is IT’s top concern” – when compared to the other options listed in the survey I do not find this impressive, as digital threats are the most direct concerns. On page 5 of the report, though, the detail that 94% of businesses expect to change their cyber security efforts and 48% are planning major changes is impressive. That highlights the intelligent repositioning of enterprises and the continued focus on remaining engaged with the threats and not passive. This also likely correlates with businesses' increased focus on deploying greater information technology throughout the business, and throughout the expanding consumer / business markets. Major changes are a natural result in these cases.
“Enterprises experiencing frequent attacks” – that 75% of businesses experienced a cyber attack within the past 12 months is a significant figure. If a cyber attack is considered an event that “activates” the incident response teams and / or forensic groups, that is a significant cost and concern. Attacks, as every firewall administrator and grandmother who gets a virus knows, occur non-stop online, so it is important to qualify and scale these attacks by criticality. This is an important fact in the survey, but more important in the enterprise. The help desk of most organizations is ably suited to respond to malware infections and queuing systems for remote desktop configuration refreshes. For situations that involve a loss of trust for a specific system resulting from extended malware infection, odd behavior, or log evidence of unauthorized access – these systems should activate the appropriate resources to address these risks directly.
Most problematic IT initiatives from a Security standpoint:
- Server Virtualization
- Endpoint virtualization
The common thread of these initiatives is the abstract nature of the actual computing system. Whether virtual or processed within a distributed computing environment, the necessity to translate information security safeguards is not automatic. In fact, most conversions into these initiatives highlight the inherent weaknesses that are present in the existing infrastructure, but were addressed through compensating / ad-hoc controls. Therefore, while difficult, the net risk posture will improve. Another perspective is the organizational shift that occurs when network/system operators become service delivery specialists. This cultural swing away from computing system management to application procurement and service management requires careful attention, training, and tight feedback cycles.
The report concludes with some strategic recommendations that are worth reviewing and confirming that they are currently in operation.
Overall, the statistics and findings are in line with the concerns and challenges enterprises have been addressing over the last year. The survey provides a nice update and is certainly useful. As in any survey, consider the source and recognize that your environment is unique. Such individuality of computing systems by its very nature requires a custom and reflective approach to managing risk and security within the organization.