When 3,300 information-technology professionals were asked about cybersecurity, they said malicious code attacks accounted for the main type of cyberattack their organizations suffered during the past year, although “internal unintentional actions” by well-meaning insiders also wreaked havoc.
While about three-quarters of respondents to the “2011 State of Security Survey” sponsored by Symantec said cyberattack incidents were minimal, 21% said they happened “on a regular basis,” and 6% indicated they have suffered “a large number” during the past year.
When cyberattacks occurred, the main costs incurred were related to “downtime of our environment” and “lost productivity,” according to IT professionals in the financial, manufacturing, high-tech, healthcare, real estate and energy, and other sectors who answered the survey conducted by Applied Research.
The survey’s respondents also indicated they considered “targeted attacks,” “hackers” and “industrial espionage” to be significant security threats to their organizations, although “well-meaning insiders” who inadvertently cause security problems were also mentioned frequently.
That’s because one of the biggest headaches right now is a rise in social engineering attacks on employees via social-networking sites that involve tricking the employees into downloading malicious code, says Ashish Mohindroo, senior director of product marketing at Symantec.
The survey reports that the average productivity loss in the past 12 months was $915,303. When it was determined that a cyberattack led to loss of customer trust or damaged customer relationships, the amount was $1.14 million over the course of the past year, and loss of sensitive data racked up a $1.71 million loss.
When asked to rate the effectiveness of safeguards in curbing cyberattacks, respondents saw “keeping patches and definition files current” and “perimeter security” as the most effective methods, which only goes to show: The more things change, the more they stay the same.