Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Mega Trend 2 - Ponemon Institute

advertisement 
2009 Security Mega Trends Survey
Independently conducted by Ponemon Institute LLC
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 1
Ponemon Institute
LLC
 The Institute is dedicated to advancing responsible information management
practices that positively affect privacy and data protection in business and
government.
 The Institute conducts independent research, educates leaders from the private
and public sectors and verifies the privacy and data protection practices of
organizations.
 Ponemon Institute is a full member of CASRO (Council of American Survey
Research Organizations. Dr. Ponemon serves as CASRO’s chairman of
Government & Public Affairs Committee of the Board.
 The Institute has assembled more than 50 leading multinational corporations
called the RIM Council, which focuses the development and execution of ethical
principles for the collection and use of personal data about people and
households.
 The majority of active participants are privacy or information security leaders.
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 2
About the Study
• We asked respondents in IT operations and IT security to consider
how eight Security Mega Trends affect their organizations today and
during the next 12 to 24 months.
• Based on pre-survey interviews with IT experts, we selected the
following eight Mega Trends: cloud computing, virtualization,
mobility and mobile devices, cyber crime, outsourcing to third
parties, data breaches and the risk of identity theft, peer-to-peer file
sharing and Web 2.0
• We learned what survey respondents believe to be the biggest
threats to a company’s sensitive and confidential data over the next
12 to 24 months.
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 3
Security Mega Trends
Mega Trend 1: Cloud computing
• Cloud computing refers to solutions owned by third-parties on data center
locations outside the end-user company’s IT infrastructure. The demand for
cloud computing is expanding quickly, especially as the cost of remote
connectivity decreases.
Mega Trend 2: Virtualization
• Allows end-users to access multiple secure networks from a single
computer, wherein the PC or laptop essentially acts as a hardware
authentication token. With one computer, the end-user is able to gain
access to separate virtual devices or machines. Virtualization makes server
and operating system deployments more flexible and improves the use of
storage and systems resources.
Mega Trend 3: Mobility
• Organizations are dependent upon a mobile workforce with access to
information no matter where they work or travel. Typically, employees use
the following: laptops, VPNs, PDAs, cell phones and memory sticks.
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 4
Security Mega Trends
Mega Trend 4: The external threat of organized cyber criminal syndicates
• Cyber crime usually describes criminal activity in which the computer or
network is an essential part of the illegal criminal activity. This term also is
used to include traditional crimes in which computers or networks are used
to enable the illicit activity.
Mega Trend 5: Outsourcing to third parties
• Organizations outsource sensitive and confidential customer and employee
data to vendors and other third parties to reduce processing costs and
improve operating efficiencies.
Mega Trend 6: Data breaches involving personal information are
increasing
• The Federal Trade Commission reports that the number one consumer
complaint is the theft of identity. It addition to potential fines, organizations
risk the loss of customer confidence and trust.
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 5
Security Mega Trends
Mega Trend 7: Peer-to-peer file sharing
• P2P file sharing networks allow a group of computers to connect with each
other and directly access files from one another's hard drives. P2P filesharing networks can cause inadvertent transfers and disclosures of
documents that reside on an organization’s computers and laptops.
Mega Trend 8: Web 2.0
• Web 2.0 refers to a plethora of Internet tools that enhance information
sharing and collaboration among users. These concepts have led to the
evolution of web-based communities and hosted services, such as social
networking sites, wikis and blogs.
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 6
And, the biggest threats are:
For the IT operations practitioner the biggest threats are:
• Outsourcing sensitive data to third parties
• Cyber Crime
• A mobile workforce
For the IT security practitioner the biggest threats are:
• Data breaches
• Access to cloud computing
• Outsourcing sensitive data to third parties
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 7
IT Operations
Mega trend risk rating today and 12 to 24
months in the future
Bar Chart 1a
Mega trends today and in the next 12 to 24 months by respondents in IT operations
Each bar summarizes the combined percentage response for "Very High" and "High" security risks.
50%
50%
Outsourcing
45%
Mobile devices
48%
49%
47%
Cyber crime
47%
47%
Mobility
40%
Data breach
Cloud computing
39%
44%
42%
36%
35%
P2P file sharing
Web 2.0
31%
18%
Virtualization
35%
25%
24%
22%
Malware
0%
10%
Risk as perceived today
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
20%
30%
40%
50%
60%
Risk as perceived in the next 12 to 24 months
Page 8
IT Security
Mega trend risk rating today and 12 to 24
months in the future
Bar Chart 1b
Mega trends today and in the next 12 to 24 months by respondents in IT security
Each bar summarizes the combined percentage response for "Very High" and "High" security risks.
Data breach
65%
66%
Cyber crime
65%
48%
Mobility
77%
60%
59%
59%
Outsourcing
61%
58%
Cloud computing
50%
48%
Mobile devices
44%
46%
P2P file sharing
Web 2.0
41%
39%
Malware
41%
39%
25%
Virtualization
0%
10%
20%
Risk as perceived today
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
29%
30%
40%
50%
60%
70%
80%
90%
Risk as perceived in the next 12 to 24 months
Page 9
Two Samples
•
•
•
•
•
•
Our study utilized two separate sampling
frames (panels) built from conference,
association and professional certification
lists.
Web-based survey responses were
captured on a secure extranet platform.
We utilized two separate samples of U.S.
participants:
– IT operations: 825 (5.7% response)
– IT security: 577 (5.0% response)
Less than 1% rejection rate because of
reliability failures.
Respondents in both groups were asked
to complete the same survey instrument.
Margin of error is ≤ 3% on all adjective or
yes/no responses for both samples
Sample
description
IT Operations
IT Security
Total sampling
frames
14,518
11,506
Bounce-back
3,957
2,109
915
658
90
81
825
577
5.7%
5.0%
Total returns
Rejected surveys
Final sample
Response rate
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 10
Mega Trends
Comparison of IT Operations and IT Security
Samples – Current Outlook
Line Graph 1a
Security mega trends as perceived today for both samples
Each point reflects the percentage responses for very high or high security risks at presentt
70%
60%
50%
40%
30%
20%
10%
0%
Cloud
computing
Virtualization
M obility
M obile devices
Cyber crime
IT Operations
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Outsourcing
Data breach
P2P file sharing
Web 2.0
M alware
IT Security
Page 11
Mega Trends
Comparison of IT Operations and IT Security
Samples – Future Outlook
Line Graph 1b
Security mega trends as perceived 12 to 24 months for both samples
Each point reflects the percentage responses for very high or high security risks at presentt
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Cloud
computing
Virtualization
M obility
M obile devices
Cyber crime
IT Operations
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Outsourcing
Data breach
P2P file sharing
Web 2.0
M alware
IT Security
Page 12
Mega Trend: Outsourcing
Causes Data Breach
Bar Chart 2
Security risks due to outsourcing
Each bar is the percentage of respondents who selected the noted information security risk
Sensitive or confidential information may not be properly
protected
60%
56%
32%
Unauthorized parties might be able to access private files
without authorization
23%
4%
Increased threat of social engineering and cyber crimes
10%
IT Operations
Information may not be properly backed up
2%
3%
Inability to properly identify and authenticate remote users
1%
3%
0%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
10%
20%
30%
40%
IT Security
50%
60%
70%
Page 13
Cyber Crime Experience
Bar Chart 3
Did your organization have a cyber attack?
100%
92%
90%
IT Operations
IT Security
80%
70%
60%
55%
50%
40%
32%
30%
20%
13%
5%
10%
3%
0%
Yes
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
No
Don't know
Page 14
Mega Trend: Cyber Crime
Will Increase
Bar Chart 4
Security risks due to cyber crime
Each bar is the percentage of respondents who selected the noted information security risk
40%
Attack will cause business
interruption
61%
Attack will result in the loss of
sensitive or confidential
business information
including trade secrets
29%
24%
IT Operations
Attack will cause the loss of
information about employees
or customers, thus requiring
data breach notification
IT Security
29%
14%
0%
10%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
20%
30%
40%
50%
60%
70%
Page 15
Most Risky Mobile Devices
Bar Chart 5
Most risky mobile devices
Each bar is the percentage of respondents who selected the device as their highest risk
38%
Laptop computers
48%
PDAs and other handheld
devices
18%
19%
24%
Insecure wireless networks
14%
IT Operations
IT Security
15%
USB memory sticks
11%
5%
Cellular phones
8%
0%
10%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
20%
30%
40%
50%
60%
Page 16
Mega Trend: Mobile Workforce
Increases Security Risk
Bar Chart 6
Security risks due to a mobile workforce
Each bar is the percentage of respondents who selected the noted information security risk
62%
59%
Inability to properly identify and authenticate remote users
16%
19%
Information may not be properly backed up
Third parties might be able to access private files without
authorization
11%
10%
Sensitive or confidential information may not be properly
protected
2%
6%
3%
0%
Ponemon Institute© Private & Confidential Document
IT Security
9%
Increased threat of social engineering and cyber crimes
Sponsored by Lumension
IT Operations
10%
20%
30%
40%
50%
60%
70%
Page 17
Confidence in the Ability to
Prevent Data Loss
Bar Chart 7
How confident are you that your current security practices are able to prevent
customer and employee data from being lost or stolen?
45%
40%
40%
35%
32%
30%
30%
23%
25%
22%
20%
15%
12%
12%
12%
13%
10%
5%
4%
0%
Very confident
Confident
Somew hat confident
IT Operations
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Not confident
Uncertain
IT Security
Page 18
Mega Trend: Data Breach on
the Rise
Bar Chart 8
Security risks due to a data breach
Each bar is the percentage of respondents w ho selected the noted information security risk
32%
Loss of customer or employee information, thus requiring notification
of victims
35%
46%
Sensitive or confidential information that ends up in the hands of
cyber criminals and identity thieves
24%
14%
Diminished reputation as a result of negative media coverage
21%
IT Operations
IT Security
5%
Unauthorized parties gain access to private accounts
17%
0%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
5%
10%
15%
20%
25% 30%
35%
40% 45%
50%
Page 19
Security Risks Due to Data
Breach
Bar Chart 9
Security risks due to a data breach
Each bar is the percentage of respondents who selected the noted information security risk
17%
Inability to restrict or limit use of cloud computing resources or
applications
29%
40%
Inability to assess or verify the security of data centers in the cloud
24%
13%
Third parties might be able to access private files w ithout
authorization
18%
1%
Dow ntime as a result of cloud computing failure
13%
29%
Inability to protect sensitive or confidential information
Information may not be properly backed up
12%
0%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
IT Operations
0%
IT Security
3%
5% 10% 15% 20% 25% 30% 35% 40% 45%
Page 20
Mega Trend: P2P File Sharing
Causes Security Risk
Bar Chart 10
Security risks due to P2P file sharing applications
Each bar is the percentage of respondents who selected the noted information security risk
Use of P2P w ill result in the loss
of sensitive or confidential
business information including
trade secrets
55%
41%
20%
Use of P2P w ill increase the risk
of malw are or virus infection
30%
Use of P2P w ill cause the loss of
information about employees or
customers, thus requiring data
breach notification
16%
20%
Use of P2P w ill cause business
interruption
IT Operations
3%
IT Security
2%
0%
10%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
20%
30%
40%
50%
60%
Page 21
Mega Trend: Web 2.0 Use
Increases Security Risk
Bar Chart 11
Security risks due to Web 2.0
Each bar is the percentage of respondents who selected the noted information security risk
64%
Use of Web 2.0 will result in the loss of sensitive or
confidential business information including trade secrets
34%
Use of Web 2.0 will cause the loss of information about
employees or customers, thus requiring data breach
notification
13%
26%
14%
Use of Web 2.0 will increase the risk of malware or virus
infection
23%
IT Operations
IT Security
4%
Use of Web 2.0 will cause business interruption
12%
0%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
10%
20%
30%
40%
50%
60%
70%
Page 22
Mega Trend: Virtualization
Bar Chart 12
Security risks due to virtualization
Each bar is the percentage of respondents who selected the noted information security risk
Inability to properly identify
and authenticate users to
multiple systems
48%
49%
Third parties might be able to
access private files without
authorization
33%
28%
11%
Increased threat of social
engineering and cyber crimes
10%
Sensitive or confidential
information may not be
properly protected
Information may not be
properly backed up
3%
IT Operations
9%
IT Security
0%
1%
0%
10%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
20%
30%
40%
50%
60%
Page 23
Recommendations
•
In our study, IT operations and security practitioners ranked the mega
trends they believe pose a high or very high risk to sensitive and
confidential information. To address these risks, we recommend the
following:
– Create and enforce policies that ensure access to private data files is
restricted to authorized parties only.
– Secure corporate endpoints to protect against data leakage and
malware.
– Make sure third parties who have access to your sensitive and
confidential information take appropriate security precautions.
– Train employees and contractors to understand their responsibility in the
protection of data assets.
– Ensure that mobile devices are encrypted and that employees
understand the organizations’ policies with respect to downloading
sensitive information and working remotely.
– Understand precautions that should be taken when traveling with
laptops, PDAs and other data bearing devices.
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 24
Samples’ Organizational Characteristics
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 25
Samples’ Combined
Industry Distribution
Pie Chart 1
Industry distribution of the combined IT operations and IT security samples
3%
2% 2%
2% 1%
Financial services
17%
Government
5%
Pharma & Healthcare
Education
Defense
5%
Technology & Software
Hospitality & Leisure
11%
6%
Retail
Professional Services
Telecom
6%
Manufacturing
9%
6%
Research
Energy
Airlines
8%
6%
6%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Entertainment
Transportation
Page 26
Sample Characteristics
The mean experience level for the IT operations sample is
8.9 years and for the IT security sample is 9.4 years.
Table 2
What organizational level of respondents
IT Operations
IT Security
Senior Executive
1%
0%
Vice President
2%
2%
Director
21%
24%
Manager
24%
26%
Associate/Staff/Technician
45%
39%
Consultant
4%
6%
Other
2%
3%
100%
100%
Total
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Page 27
Sample Characteristics
60% of respondents are male and 40% female.
Table 3a
Geographic location
Pct%
Table 3b.
Organizational headcount
Pct%.
Northeast
20%
Less than 500 people
2%
Mid-Atlantic
19%
500 to 1,000 people
4%
Midwest
19%
1,001 to 5,000 people
12%
Southeast
13%
5,001 to 25,000 people
29%
Southwest
14%
25,001 to 75,000 people
34%
Pacific
17%
More than 75,000 people
19%
Total
100%
Sponsored by Lumension
Ponemon Institute© Private & Confidential Document
Total
100%
Page 28
Related documents
NtregaBusinessPlanExpress 1.1 MB
NtregaBusinessPlanExpress 1.1 MB
presentation
presentation
Successful Teams
Successful Teams
Strategic Science and Technologies Presentation
Strategic Science and Technologies Presentation
Fortivoice Phone system_Presentation_Sept2011_r2
Fortivoice Phone system_Presentation_Sept2011_r2
G5 Corporate Overview and Capabilities
G5 Corporate Overview and Capabilities
Advertiser funded programming
Advertiser funded programming
HSC Geography: urban places Mega Cities in Developing Countries
HSC Geography: urban places Mega Cities in Developing Countries
Download
advertisement