Enterprises are caught between a rock and a hard place, a damned-if-you-do, damned-if-you-don’t zone where attacks on their networks are consistent and effective, a new report from Symantec outlines. This is despite the fact that most enterprise operations are in a constant state of alert.
The study is based on surveys of 2,100 enterprise CIOs, CISOs, and IT managers from 27 countries in January 2010. Everyone who responded to Symantec’s questions said that they experienced a loss of some kind in 2009. The top three losses are said to be intellectual property, credit card and other financial information, and personal information. Operational losses, including productivity and trust, also include an average cost of about $2.8 million annually for larger Enterprise operations.
According to respondents, over the last 12 months, 75 percent of them experienced a cyber attack of some kind, and 36 percent noted that the attacks were effective. Worse, 29 percent of enterprises reported attacks have increased in the last 12 months.
However, the rock and hard place comes from the fact that enterprises are aware of the mounting costs and scaled up attack efforts on various levels. They bring on more staff, and yet feel overwhelmed and pressured to hire on more security practitioners. Datacenter initiatives, such as SaaS and virtualization, help lower costs, but make managing security a nightmare for some IT shops.
Most of Symantec’s report serves to prove what many IT reports have stated over the past few months, which is that IT shops, both big and small, face challenges from all directions, and attempting to keep up with the rat race against criminals is a futile effort.
There is no magic bullet. No one level of security will provide protection, and despite a security vendor being behind the data in the report, if they are honest about it, even they will admit that no single vendor is equipped to deal with all the threats and problems online.
Organizations face attacks every hour, and while there is a new buzz term for these attacks, the Advanced Persistent Threat (APT), the fact remains that they are nothing new at all. If you strip the hype away from the APT and the news centering on Google and China, the positive from all of it is awareness. C-Level executives are starting to wake up to the fact that consistent attacks are a way of life in the cyber world, and they need to approve funding to IT to help mitigate them.
Yet, grow too fast or spread resources too thin, and you open the surface to attack on your networks and press your back against that rock, looking straight forward at the proverbial hard place.
Symantec said that organizations need to protect their infrastructure by securing their endpoints, messaging and Web environments. In addition, defending critical internal servers and implementing the ability to back up and recover data should be priorities. Organizations also need the visibility and security intelligence to respond to threats rapidly.
Good advice, but operations teams responsible for security aren’t clueless. They know the threats and have some idea as to how to deal with them, but they can only work with the resources and tools afforded to them. Miracle workers they are not.
So if there is something to be said about the APT buzz and data collected from Symantec’s report, it is that Risk Management is a viable tool in IT’s bag of tricks. To this end, C-Level executives and IT crews need to meet in the middle to define what the most critical assets are and protect them at all costs.
The full report is here.