Friday, December 10, 2010

Malware incidents drive up IT costs, survey finds

The main driver of IT operating expenses is the increasing costs of malware incidents, according to a recent survey of IT personnel conducted by the Ponemon Institute.

A full 59% of the 782 IT practitioners surveyed said that malware was a significant factor for increasing operating expenses.


Over a third of organizations experienced at least 50 malware incidents per month, or more than one intrusion per day, the State of the Endpoint 2011 survey found. Forty-three percent of respondents noted a dramatic increase in malware attacks in 2010.


“What we are seeing is that malware incidents are increasing, and those incidents are causing an impact to organizations. Malware generates help desk calls, re-imagining costs, and lost productivity”, said C. Edward Brice, senior vice president for worldwide marketing at Lumension, which sponsored the survey.


“IT is getting a much better handle on what their costs are, and what they are seeing is that there is a hard cost associated with malware”, he told Infosecurity.


In addition, about one-third of organizations put no restrictions on which applications run on their network, while another one-third employ application policies but do not actively enforce them, according to the survey.


Despite this lax security, a majority of those surveyed said that preventing applications from being installed or executed is a top challenge for IT security managers.


According to the survey, mobile/remote workers (50%), PC desktop/laptop vulnerabilities (48%), and the introduction of third-party applications onto the network (39%) are the greatest areas of end point risk currently. This is a shift from last year, where end point security concerns were mainly focused on removable media and data center risks.


“Most companies have more mobile and remote workers who are working from mobile platforms that are becoming smarter and able to house more sensitive data. We are definitely seeing application risk shift away from servers and operating system to mobile platforms like laptops and third-party applications”, Brice said.


The top five applications that concern IT managers the most when it comes to security are: third-party applications outside of Microsoft (58%), Adobe (54%), Google Docs (46%), Microsoft operating system/applications (44%), and Oracle applications (39%).


Despite increasing application risks, organizations are sticking with older technologies, even though there are newer technologies better able to reduce end point risk, the survey found. This issue was most notable with the following technologies: vulnerability assessment (used by 51% but considered effective by 70%); application whitelisting (used by only 29% but considered effective by 44%); device control (used by 26% but considered effective by 57%); and end point management and security suites platform (used by 40% but considered effective by 61%).


For 2011, respondents said that the top three security threats are expected to be increasing volumes of cyber attacks and malware incidents (61%), negligent insiders (50%), and cloud computing (49%).


Larry Ponemon, chairman and founder of the Ponemon Institute, commented on the survey: “There is a real need to put the appropriate technologies and personnel in place to best-position organizations of all sizes and in all industries for success in the ongoing battle to ward off cyberthreats as we head into 2011.”


If you find your company spending too much time and money on malware, you are in need of a Application vulnerability assessment from Razorpoint Security, give us a call, 212.744.6900.


This article is featured in:
Application SecurityInternet and Network SecurityMalware and Hardware Security