Wave Systems Corp. has announced the results of a survey of enterprise network security professionals that reveals a lack of preparedness for Advanced Persistent Threats (APTs) at many firms. The focused survey also highlighted a general confidence and a false sense of security among network security managers and staff about the ability of IT defences to prevent cyber-attacks in the next year.
The Wave Systems’ State of Network Security Survey 2012 polled a representative group of 256 IT security managers, professionals, analysts and decision-makers in the United Kingdom this month (April).
It found that 43 per cent of respondents felt they did not have an effective detection system or defence to deal with APTs, sophisticated malware that penetrates device and network security software barriers before launching potentially devastating attacks to disable or destroy equipment, or to steal data. APTs can remain undetected over an extended time. The most notorious APT has been the Stuxnet virus, which targeted and damaged Iranian nuclear facility computers. Latest reports suggest the virus was introduced to the system through an infected memory stick.
Despite the large number of network security professionals indicating inadequate defences against APTs, most of them believe that their enterprise networks are effectively prepared to deal with cyber-attacks in the coming year. They were asked to rate their IT defences against security attacks on a scale of 1 to 10, which produced a mean score of 7.3. In other words, 73 per cent believed they had a system ranking between 7 and 10 on the effective security scale.
Greater Need for Port Control, Proof of Encryption
· Two-thirds (66 per cent) of respondents said they had data that could be vulnerable without total port control protection tools.
· 16 per cent indicated that they did not have security systems in place to prevent data loss through removable media.
· Regulatory compliance was another challenge highlighted by the survey. Around a third of respondents said they did not have the means to provide proof of encryption within 24 hours of data loss or theft of a laptop. Furthermore, 40 per cent said they were unaware that this requirement would be mandatory under the new European Union data regulations now being finalised.
Strong Majority See Benefits of Hardware Security for Authentication, Encryption
· An overwhelming majority of respondents (94 per cent) acknowledged the benefits of open-industry-standard, embedded-hardware security for device authentication and data encryption, but at the same time a quarter of security professionals indicated that their current network software could not manage and monitor the adoption of this form of security hardware.
· The study indicated that managing security in the Cloud is a significant challenge for network professionals, with 35 per cent of respondents reporting that they had no proven and effective solution for managing multiple types of encryption in cloud-based services, for example Full-Disk Encryption, Self-Encrypting Drives and BitLocker for Windows.
· At the same time, around a third (30 per cent) also said they did not have a single system to manage the authentication of all devices on a network, i.e. PCs, laptops, notebooks, smartphones and tablets.
Joseph Souren, General Manager Wave Systems EMEA, says: “Our survey focused on new network security threats, regulatory compliance and the challenges presented by multiple devices and the Cloud. It indicates that there are definite gaps for many firms in both understanding of the growing cyber-threats and new strategies that enterprises must implement to be fully compliant with EU regulations.”