TMCnet News

Bit9 Rolls Out Third Annual Endpoint Survey
[September 02, 2011]


Sep 02, 2011 (Close-Up Media via COMTEX) -- In a year that IT security professionals have labeled the "Year of the Hack," Bit9 announced that its Third Annual Endpoint Survey of 765 IT executives revealed that Advanced Persistent Threat (APT) attacks -- like the one that infiltrated RSA, a division of EMC, and defense contractors this year -- are of most concern to IT and security professionals.

However, despite the concerns about APT attacks, the Company said the survey also showed that executives are not doing enough to prevent unauthorized software and malware from infecting their desktops, laptops and servers.

Sixty percent of the respondents said they are concerned about APT attacks, more than double the next closest response, showing the growing anxiety among IT executives around modern threats. The second biggest hacking concern among IT executives, at 28 percent, is having one of their own employees steal company data and post it online, much like what happened at the Department of Defense (DoD) with WikiLeaks. In third place, at 26 percent, are concerns around a vendor partner being hacked, much like what happened to Epsilon earlier this year. And in fourth place, at 25 percent, are concerns over a cloud application breach, much like what happened with Sony.


According to a release, the Third Annual Endpoint Survey from Bit9 Inc., a company focused on adaptive application whitelisting, provides insight from IT and security professionals in technology/software, government and defense, financial services/banking, and retail. The survey is designed to gauge endpoint security issues, employee behaviors and topline concerns that enterprise professionals grapple with every day.

While worry remains high around cyber security breaches, the survey also showed a surprising 60 percent of the IT executives use either a written policy based on an "honor system," or have an open software environment without a security policy in place. However, risky behavior doesn't stop there. A narrow majority of companies surveyed (51 percent) said they allow their employees to download and install software.

Bit9 noted that the companies that allow employees to download software often find digital music sites like iTunes, social media sites and instant messaging software on their endpoints. Additionally, almost 80 percent of companies allow employees to use removable storage devices, exposing companies to the loss of sensitive data and intellectual property while increasing exposure to malware.

"Breaches that occurred in the first half of 2011 have changed the rules of security by exposing high profile companies like RSA, Sony, Lockheed Martin and numerous others," said Tom Murphy, chief strategy officer, Bit9. "Our data finds that companies are increasingly worried about advanced persistent threat attacks, but they continue to engage in risky behaviors. Companies are gambling on a losing game by failing to put security policies in place. It's not a case of if a breach will occur, but when and how severe."

Additional findings from the survey, as described by the Company, include:

-Companies continue to allow employees to engage in risky behaviors: IT executives have become even more hands-off in their software usage policy over the past three years, with 51 percent of respondents admitting that users have full rights to download and install applications. These relaxed download policies have increased 12 percent from 2010 when 39 percent said they did not have a policy that prohibits employee downloads. That figure increased by 22 percent from 2009 figures. Additionally, nearly 30 percent of IT executives allow the use of personal mobile devices at work that connect to the company Intranet.

-Endpoint security failures can take down networks: While the majority said they have not experienced network outages due to unauthorized software or malware, almost 20 percent of IT executives admit that unusual software found on the endpoint has resulted in crashing the company's networks. These crashes meant lost productivity. Of those who experienced downtime, 30 percent said the crashes took down their network for three to six hours and 89 percent said the crashes lasted two hours or less.

-Successful breach of company's inbox stirs emotions: More than a quarter of IT executives would be mildly embarrassed by a breach exposing their company's inbox, while more than half admitted they would be mortified. Most noteworthy is that seven percent claim that their company would be out of business if such a breach were to occur.

More information: www.bit9.com/Bit9-Endpoint-Security-Survey-2011 www.bit9.com