Tuesday, July 28, 2009

RSA Conference Says Mobile Security Tops List of Threats



RSA® Conference Survey Reveals Disparity Between Security Needs and Technology Purchases

Email and Mobile Security Top the List of Threats, but Spending is Earmarked Elsewhere
RSA Conference 2010

SAN MATEO, Calif.--(AllPayNews.com)--RSA® Conference (www.rsaconference.com), the world’s leading information security conferences and expositions, today released the results of a recent survey of security professionals regarding the critical security threats and infrastructure issues they currently face, including those exacerbated by the current economic climate. The study, “What Security Issues Are You Currently Facing?,” includes responses from nearly 150 C-level executives and professionals charged with directing, managing and engineering security infrastructures within their respective organizations.

The study indicates that even though practitioners are most concerned about email phishing and securing mobile devices, technologies addressing these needs are at risk of being cut from IT budgets. Seventy-two percent of respondents indicated a rise in email-borne malware and phishing attempts since Fall 2008, with 57% stating they have seen an increase in Web-borne malware. Concerns about zero-day attacks and rogue employees as a result of layoffs were cited by 28% and 26% of survey respondents, respectively

When asked about the top security and organizational challenges they expect to face in the next 12 months, 57% of respondents cited budgetary constraints; 44% cited employee education as a major concern and 40% called out lost or stolen devices.

The survey also asked what technology investments will likely be bypassed or curtailed due to spending freezes and budget cuts. Given the above information, however, the survey illustrates that even though employees are seeing increases in email- and Web-borne malware and phishing, IT budgets are not being sufficiently allocated to defend against these issues.

Specifically, the survey demonstrates that even though 72% of respondents have seen a rise in email-borne malware and phishing, 8% still plan on cutting money that would previously be earmarked to attempt to mitigate those risks. Even more alarming is that 40% of respondents admitted that securing lost or stolen devices – like the iPhone or Blackberry – is a top concern in the coming year, yet 15% of those surveyed will be reducing spending in this area.

“It is very disconcerting to see that while the trends and the experience of security professionals point to web and email-borne malware as the biggest threat, companies are cutting messaging and web security budgets,” said Andreas Antonopoulos, Senior Vice President and Founding Partner at Nemertes Research. “Companies tend to focus too much on the spectacular attacks (zero-day and organized crime) versus the mundane but extremely costly attacks (phishing and malware). Security controls should be driven by risk/reward calculations that soberly evaluate the impact on the business, rather than sensationalist media reports. Security professionals know where the real threats are but often find it difficult to quantify and explain the risks to senior management.”

In an attempt to uncover the impact of the recent Facebook and Twitter phishing attacks that have received extensive media coverage over the last several months, RSA Conference asked respondents how their organizations were affected. The survey found that while 84% of respondents allow the use of these tools, only a mere 3% were seriously affected by the attacks. Conversely, 73% said that their organization was not impacted at all and 24% indicated they were somewhat affected.

“We rely on the real world experiences of security practitioners to develop the educational programming and the agenda at RSA Conference,” said Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conference. “This survey not only serves as a benchmark for the industry and a vehicle to learn from one another, but also provides insight into the issues that may become the content focus of RSA Conference 2010.”

For more information and to see additional survey results, please go to: https://365.rsaconference.com/blogs/rsa_conference_blog.

About RSA Conference

RSA Conference helps drive the global information security agenda with annual events in the U.S., Europe and Japan. Throughout its 19-year history, RSA Conference consistently attracts the world’s best and brightest in the field, creating opportunities to learn about information security’s most important issues through face-to-face and online interactions with peers, luminaries and emerging and established companies. As information security professionals work to stay ahead of ever-changing security threats and trends, they turn to RSA Conference for a 360-degree view of the industry. RSA Conference seeks to arm participants with the knowledge they need to remain at the forefront of the information security business. More information on events, online programming and the most up-to-date news pertaining to the information security industry can be found at www.rsaconference.com.

RSA and the RSA Conference logo are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. All other marks are trademarks of their respective companies.

ContactsSHIFT Communications
Alex Kirschner, 415-591-8421
akirschner@shiftcomm.com
Reblog this post [with Zemanta]

Disqus for ePayment News