Just as we get word that giant retailer Target is completely reorganizing
its IT security program in the wake of its massive data breach, two more
security studies confirm the vulnerabilities that many organizations face.
In an email to FierceCIO, security firm SailPoint shared the
results of its most recent study on how enterprises are embracing and in many
cases mandating the use of cloud and mobile, and thereby
"leaving
themselves at increased risk of fraud, theft and privacy breaches."
SailPoint's recent Market Pulse Survey found "a complex landscape,
where enterprises are catching up to the required levels of oversight and
control needed to govern new technologies as part of their overall security and
risk management program."
Interviewing 400 IT decision makers at companies with at least 5,000
employees, SailPoint found that:
- "82 percent of respondents allow employees to use their personal
devices to access company data or applications at work. However, cloud and
bring-your-own-device (BYOD) trends are glaringly absent from most company's
security programs. In fact, as many as 41 percent of respondents admitted to an
inability to manage cloud and BYOD as part of their identity and access
management strategy."
- "63 percent of enterprises now require IT decision makers to
evaluate cloud applications as part of every software procurement process.
Already, 39 percent of missing-critical applications are currently stored in
the cloud, which will increase to 59 percent by 2016."
- "Less than half of the respondents have a process in place to
automatically remove mission-critical data from mobile devices, while 46
percent of respondents are not even confident in their ability to grant or
revoke employee access to applications across their entire IT environment."
- "52 percent of respondents admit that employees have read or seen
company documents that they should not have access to, and 51 percent believe
that it's 'just a matter of time' before a security breach occurs."
Meanwhile, another new security study warns that the greatest IT security
problems are not in the operating systems that organizations use, but in the
applications that run on them.
Still, Secunia reports that "76 percent of security holes in the 50
most popular programs in private PCs in 2013 affected third-party
programs," according to
an article at ZDNet. "Windows
continued to be the most targeted operating system. Windows 7, the most popular
version of Windows, was also the most popular with hackers. Looking ahead,
Microsoft predicts that XP users, which will soon no longer be supported, risk
facing 'zero day forever' attacks," the article says.
Despite these risks, the Secunia study found that the majority of malware
attacks--75.7 percent--come from third party applications.
No comments:
Post a Comment