October 11, 2010, 8:14 PM — Is this year turning out to be even worse for getting hacked than last year?
That's what a survey of 350 IT and network professionals would indicate, with large companies in particular reporting this year to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers.
According to the Sixth Annual Enterprise IT Security Survey released Monday, 67% of large companies with 5,000 or more employees reported one successful intrusion or more this year, as opposed to 41% in 2009. Mid-size companies of 1,000 to 4,999 employees fared better with 59% reporting an intrusion, up slightly from 57% in 2009.
For the first time, the survey, sponsored by VanDyke Software and undertaken by Amplitude Research in mid-September, delved into what the survey respondents believed primarily caused the network intrusion.
Fourteen percent of those surveyed attributed their intrusion problem to "hacker/network attack," 12% cited "lack of adequate security policies/measures," 10% said "employee Web usage," 9% pointed to "virus/malware/spyware," 8% faulted "other employee carelessness, negligence," 6% said "unauthorized access by current/former employees," 5% blamed "weak passwords," 5% thought it was because of "lack of software updates," and 5% simply said "software security flaw/bug."
More than a quarter of the 2010 respondents say their employer outsources technology jobs to an offshore location, roughly the same percentage as in 2009. About half of those reporting this kind of outsourcing said they felt it had a negative impact on their own organization's network security. However, nearly a third felt it had "no impact," and about one-fifth called it a "positive impact."
About half of respondents said their organizations have a formal security audit by an outside organization at least once a year, up from 35% in 2009. Some 56% felt the audits helped identify "significant security problems."
Separately, 65% this year reported undergoing an internal security audit at least once a year, down slightly from 67% in 2009. Forty-seven percent felt internal audits helped identify security problems, but 30% said the audit didn't go far enough and 40% felt the audits should occur more frequently.