Amid threats and vulnerabilities from BYOD, cloud, and internet usage, a Dell security survey raises questions about global organizations' awareness of and ability to protect against new cyberattacks.
Despite continual reports of new and increased cybersecurity threats to organizations, a new Dell survey (PDF) of 1,440 IT decision makers around the world shows only 37% of respondents view unknown threats as a key security issue in the next five years.
The joint Dell-Vanson Bourne survey, released February 20, 2014, reports that 64% of organizations believe they will have to restructure their IT processes and have more effective inter-departmental collaboration in order to address future security threats.
US organizations were more likely to view security issues and responses with greater earnestness (which is a trend that figures in the survey). 85% of US respondents said they would have to restructure IT to handle unknown threats; whereas, 43% of their counterparts in the UK and 45% in Canada said reorganization was needed.
83% of respondents state they have security processes to help them identify a security breach. It is striking, however, that the average detection time in the report for a breach was seven hours, given the fast pace of the global digital ecosystem.
Moreover, 40% of those surveyed do not believe their current IT solutions adequately protect them from a cyberattack.
In a statement from the press release, Matt Medeiros, VP and GM, Dell Security Products, said that despite the dangers of new security threats, "our study found, among those surveyed, organizations are just not prepared."
"These threats evade detection," added Medeiros, "bypass security controls, and wreak havoc on an organization's network, applications, and data. There is still a disturbing lack of understanding and awareness of the type of impact and detriment caused by the unknown threats that can come from both sides of an organization's data flow."
The global security survey also uncovered a reactive, rather than proactive, pattern of dedicating IT resources to IT security. Whether it was developing strategies to protect against cloud or BYOD threats, or sharing information on threats and vulnerabilities within the organization, those that had already suffered a breach were 20% more likely to be pursuing those activities each month, compared to those organizations that had not experienced an attack.
The Dell survey stated:
Organizations are therefore reacting to big IT trends, rather than spending money protecting the organization from unknown threats before suffering a breach.
The top five areas for increased IT security spending in the past 12 months were:
- Training of employees: 67%
- Cloud security: 58%
- Monitoring service: 54%
- Completing risk assessments: 53%
- Hardware: 51%
Organizations in the survey tended to devote more time to developing security strategies based on the cost of the breaches they had experienced. 54% of respondents who had breaches costing more than $1 million in the past year said they "often" spend time working on vulnerabilities. That response rate drops to 25% for losses totaling less than $10,000 over the previous 12 months.
The top areas of concern for security threats were: BYOD (mobility), cloud computing, and internet usage.
BYOD: 93% of organizations permit mobile devices for work, and 31% of employees access proprietary networks on their mobile devices. 44% of IT decision makers said BYOD security policies are of high importance, and 57% said the increasing use of mobile devices is a top concern over the next five years.
Cloud: 73% of respondents use the cloud, and that percentage jumps to 90% for respondents in the US. 49% said that increasing use of the cloud is a top concern, whereas only 22% said migrating data to the cloud was a concern, indicating uncertainty about the cloud's future. Among those organizations that said IT security is a top concern for the next year, 86% are using cloud services.
Internet: 63% of IT decision makers indicated that increased use of the internet and browser applications as a top concern over the next five years. One-fifth named possible infection from unsecured public Wi-Fi as one of their top three security concerns. 70% (a figure that seems remarkably low) are using email security to prevent attacks.
Regarding the root cause of security breaches, 47% identified malware, viruses, and intrusions from from web apps and OS patching, 24% of respondents named BYOD, and 21% answered cloud computing. Other threat sources in the survey were professional hackers and increased use of big data.
Of those organizations that said security will be a priority for the next year, 91% plan to increase spending on IT security, 8% said no change, and only 1% said they would decrease spending.
Conversely, for those respondents who said that security is not a priority for the next year, 64% plan to increase spending, 31% do not plan an increase, and 5% would lower their spend on security.
The trend among US organizations was higher investment in IT security, as well as higher spending on IT outsourcing, which the survey states is in proportion to the number of enterprises in the US adopting the cloud.
Lastly, 17% of respondents in Spain planned to decrease spending on IT security next year, compared to the worldwide average of 3%. The next four highest rates of decrease for countries was Australia and France at 5%, the UK at 4%, and Italy at 2%.
About the survey
Dell hired UK tech market research firm Vanson Bourne to conduct the survey, which took place in October-November 2013. The survey involved 1,440 respondents, who were IT decision makers from both public- and private-sector organizations with over 500 employees or end users. 300 organizations were from the US. India, France, Germany, and the UK each had 200 organizations. Beijing, China had 100 organizations, and Australia, Canada, Italy, and Spain had 60 each. Private sector verticals included: retail, consumer products, manufacturing, healthcare (also public sector), and financial services.