Two-Thirds of Big Companies Suffer Successful Hacks This Year
Number of attacks is on the rise, as is rate of success even in companies that pay attention to security.
According to Network World's latest Enterprise IT Security Survey, 67 percent of companies with more than 5,000 employees had at least one successful network penetration this year, compared to 41 percent last year. Among companies with 1,000 to 5,000 employees, 59 percent were hit, compared to 57 percent last year.
The reasons for the increase in attacks and for their increasing success are all over the map: 12 percent blamed poor security; 10 percent blamed employee Web usage; others pointed to malware, weak passwords or carelessness.
One quarter said their employer outsources IT jobs and that foreign workers might be the source of some attacks.
Those are great statistics (for people writing stories about them, not for people trying to harden the Web gateway). But there are better ones: Symantec's similar survey found that 75 percent of organizations suffered cyber attacks during the previous 12 months, costing an average of $2 million per year. The biggest problems those poor sods named were understaffing in security and weak endpoint security.
That's going to be a bigger problem as time goes on, points out Symantec SVP of Enterprise Security Francis deSouza. More and more endpoints are crowding into corporate networks -- handhelds, iPhones, tablets, iPads, personal laptops -- as well as entities such as virtual servers and virtual desktops that are harder to identify and stop within a firewall.
Outside the firewall, rapid growth in the use of SAAS and Cloud Computing services is poking potentially exploitable holes in corporate firewalls, despite promises to keep such connections safe from intruders.
And that's even without such monumental goofups as the Oracle administrators who know there is personally identifiable information in their databases but encrypt it less than one time out of three. Meanwhile, three quarters of the Oracle User Group respondents said their companies have no firm plan to respond to an intrusion or even know if someone is already tampering with their databases. Oracle joined Microsoft this week in announcing it would release a host of critical security patches this week, closing, they hope, more potential holes for rats to enter.