Security Experts:

Report: Roughly One-in-Ten Devices Connecting to Corporate Networks May Be Infected

A survey of IT pros and executives from Brazil, Germany, U.K., Hong Kong and the United States, respondents paints a bleak picture of security.

A survey of IT pros and executives from Brazil, Germany, U.K., Hong Kong and the United States, respondents painted a bleak picture of security. A new survey of C-level executives and IT security administrators reports that an estimated 11 percent of machines and mobile devices connecting to the networks of U.S. participants are infected with malware.

The study, which was commissioned by Check Point Software Technologies, fielded answers from more than 2,600 participants from the U.S., U.K., Hong Kong, Brazil and Germany. According to the report, respondents from Germany and the United States are believed to have had the smallest percentages of infections, with Germany coming in at an estimated nine percent. In the U.K., Hong Kong and Brazil, the estimated percentages were 17, 25 and 23, respectively.

Enterprise NetworksAround the globe, the survey found, the most worrisome element of security is the use of mobile devices by employees.

"BYOD (bring-your-own-device) is a relatively new issue -past few years - that security professionals have had to deal with and this comes out as the number one worry for all countries surveyed," said Scott Emo, head of software blade product marketing at Check Point. "Security professionals were used to being able to manage and control endpoints accessing their data, and BYOD has put that paradigm on its head."

"Mobile device owners must be educated by their companies about new mobile threats and how employees can protect themselves, their mobile devices and therefore their companies," he added."Companies must also put protection in place to ensure that any data that is accessed via mobile devices remains safe."

RelatedSenior Corporate Execs Failing in Cyber Risk Management

The survey, which was performed by the Ponemon Institute, found that businesses are not universally running training or awareness programs to prevent targeted attacks, with only 64 percent saying they do so. The price of a cyber attack however remains costly. When asked how much they thought a cyber attack would cost their company - including everything from investigations to forensics to investments in technology – U.S. respondents estimated the amount was $276,000. German respondents put the figure at $298,000, while respondents from Brazil estimated it would cost them approximately $106,000.

Following investigations into cyber-attacks, the majority of those surveyed (65 percent) said financial fraud as the cybercriminal's primary motivation, followed by attempts to disrupt business operations (45%) and theft of customer data (45%). Just five percent said the attacks were driven by political or ideological agendas.

According to the survey, the average number of attacks per week per organization in the U.S. was 79. In Germany, respondents reported an average of 82 attacks against their organizations. In the UK, the average was 68 per week.

Headlining the list of threats were denial-of-service attacks and SQL injection. When asked what the most serious attacks they experienced in the last two years were, 54 percent of the U.S. participants said SQL injection, while 11 percent cited DDoS.

"Companies are constantly facing new and costly security risks from both internal and external sources that can jeopardize the business," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. "While the types of threats and level of concern companies have may vary across regions, the good news is that security awareness is rising. Across the board, C-level executives reported high levels of concern about targeted attacks and planned to implement security precautions, technology and training to mitigate the risk of targeted attacks."


Subscribe to the SecurityWeek Email Briefing
view counter