Companies are overlooking a new generation of security threats
Technologies like BYOD, mobility, cloud computing, and internet usage, as well as internal actions both accidental and malicious, introduce organizations to a multitude of new risks.
But a majority of IT leaders don't see these threats as top concerns and aren't prioritizing dealing with them. Almost three-quarters of those surveyed admitted to having a security breach in the last year but only 18 percent thought predicting and detecting unknown threats was a major security concern. More worrying is that 83 percent said their current procedures allowed IT staff to identify a breach immediately, when actual detection took an average of seven hours.
Threats come from both inside and outside the organization and are often concealed in poorly-defined settings or ineffective access management and usage policies. 64 percent of respondents agreed that organizations will need to restructure and reorganize their IT processes, and be more collaborative with other departments to stay ahead of the next security threat. Of those surveyed in the United States, 85 percent said this approach is needed, contrasting with only 43 percent in the UK and 45 percent in Canada.
Matt Medeiros, vice president and general manager, Dell Security Products, Dell Software Group says, "Traditional security solutions can defend against malware and known vulnerabilities, but are generally ineffective in this new era of stealthy, unknown threats from both outside and inside the organization. These threats evade detection, bypass security controls, and wreak havoc on an organization’s network, applications, and data, but despite these dangers, our study found, among those surveyed, organizations are just not prepared. There is still a disturbing lack of understanding and awareness of the type of impact and detriment caused by the unknown threats that can come from both sides of an organization's data flow".
BYOD, cloud and the internet are seen as major areas of concern. Whilst 93 percent of organizations surveyed allowed personal devices for work, only 44 percent of those responding said instituting policies for BYOD security was of high importance in preventing security breaches.
The picture is the same with the cloud, 73 percent (90 percent in the US) report that their organizations use the cloud but only 49 percent ranked cloud usage as a top security issue for the next five years and only 22 percent said moving data to the cloud was a major security concern for today.
Awareness of internet threats is higher, with 63 percent of respondents ranking increased reliance on internet and browser-based applications as a top concern in the next five years. More than a fifth of respondents put infection from untrusted remote access like public Wi-Fi among the top three security concerns and 47 percent identified malware, viruses and intrusions as the root cause of security breaches.
Medeiros concludes, "...we believe a new security approach is needed -- one that's embedded in the fabric of software, governing access to every application and protecting every device, both inside and outside a corporate network. Only then, with this Connected Security approach, will organizations have a chance at keeping one step ahead of these epidemic threats that can significantly damage their network".
The full report is available as a PDF on the Dell website.