|Not a member? Sign up now!|
The 2011 State of Security Study asked 100 New Zealand organisations to identify the most significant threats facing their organisations. Cyberattacks emerged as the most significant risk, ranking above accidental IT incidents and IT attacks conducted by insiders which respondents said are the second and third most significant risks. Traditional crime, natural disasters, brand-related events such as incidents that cause negative publicity, and terrorist acts were rated the fourth through seventh most significant risks.
Concern about cyberattacks is well-founded with two-thirds (64 percent) of the surveyed businesses having experienced a cyberattack in the past 12 months. In addition, one-tenth (10 percent) experienced an increase in the frequency of cyberattacks.
“High profile IT exploits witnessed throughout 2011 demonstrate that criminals are going after valuable targets around the world, a trend that is reflected in the study’s finding that Kiwi businesses see cybersecurity as increasingly important,” said Steve Martin, director, SMB, Pacific region, Symantec.
Mobile Computing, Social Media & the Consumerisation of IT Drive New Zealand Security
The survey also found that cybersecurity is more important to New Zealand businesses now than it was one year ago. In fact, more than one third (39 percent) see cybersecurity as being somewhat or significantly more important than 12 months ago.
The importance of cybersecurity is largely being driven by three key industry trends. The rise of social media in the business was identified as the technology most respondents saw as increasing the difficulty of securing their operations, with 46 percent seeing it as the most significant trend. Forty-three percent saw the introduction of personal devices into the workplace, a trend known as the consumerisation of IT, as creating new difficulties, while 39 percent worry that the rise of mobile computing will increase risk.
“The challenge for many businesses is finding the right balance of leveraging productivity-enhancing innovations like mobile computing, social media, the consumerisation of IT, cloud computing and virtualisation whilst not comprising on their levels of cybersecurity. The best approach for any business facing these security challenges is to apply the same levels of security and management to all endpoints – whether mobile, on premise or in the cloud – without exception,” said Martin.
Cyberattacks Cause Downtime, Financial Cost & Data Loss
Every organisation surveyed experienced some form of loss as a result of a cyberattack, the study showed. Twenty percent of businesses experienced a loss of NZD$70,000 or more as a result of a cyberattack. More than half of the survey respondents (56 percent) experienced downtime as a result of cyberattacks; 24 percent lost other corporate data; 21 percent lost intellectual property and 20 percent reported theft of financial data or credit card numbers.
Nearly one in four (22 percent) could not identify what sort of information was taken or impacted as a result of a cyberattack. Organisations surveyed could however pinpoint the nature of attacks and reported that social engineering attacks and malicious code attacks were growing somewhat or extremely quickly.
“The prevalence of data loss caused by cyberattacks reported in this study highlights the need for more stringent cybercrime laws and legislative reforms that require companies to fast-track the notification of their customers of a data breach in New Zealand. We recommend that organisations take a proactive and holistic approach to their IT security that minimises the likelihood of data breaches caused by cyberattacks,” added Martin.
Forty-four percent of respondents said they have experienced a somewhat or extremely high level of attacks from both malicious code and social media.
Forty percent of respondents are pursuing strategic security initiatives and 38 percent pursuing new security technologies in response to cyberattacks.
Mobile security tools are on the shopping lists for more than a quarter (28 percent) of New Zealand businesses.
New Zealand’s top three growth areas for staffing were web security (48 percent), network security (45 percent) and messaging security (43 percent). Businesses identified growth for budgets much the same, with web security (37 percent), network security (34 percent) and security systems management (32 percent) leading the way.
Only 30 percent are increasing spend on end-user training and awareness while spending on security for virtualised and public cloud systems is accelerating at 28 and 21 percent respectively.
Organisations need to protect their infrastructure by securing their endpoints, messaging and web environments. In addition, defending critical internal servers and implementing the ability to back up and recover data should be priorities. Organisations also need the visibility and security intelligence to respond to threats rapidly.
IT administrators need to protect information proactively by taking an information-centric approach to protect both information and interactions. Taking a content-aware approach to protecting information is key in knowing where sensitive information resides, who has access, and how it is coming in or leaving your organisation.
Organisations need to develop and enforce IT policies and automate their compliance processes. By prioritising risks and defining policies that span across all locations, customers can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen.
Organisations need to manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.
About the 2011 State of Security Study
Symantec debuted the State of Security Study in 2010 and this year has expanded the report to include small and mid-sized businesses as well. Applied Research fielded this survey on behalf of Symantec by telephone in April 2011. Of the New Zealand organisations surveyed all respondents were all in the 5 to 499 employee range. The survey has a reliability of 95 percent confidence with +/- 9.8 percent margin of error.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organisations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.