CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Confidence in Server Security Shaky, Bit9 Survey Suggests

Targeted attacks and data breaches are top concerns for companies, but confidence among IT professionals that they have the ability to stop them has fallen, according to a new survey from Bit9.

Targeted attacks and data breaches are top concerns for companies, but confidence among IT professionals that they have the ability to stop them has fallen, according to a new survey from Bit9.

In the company’s third annual Server Security Survey, the company found that 55 percent of the nearly 800 IT pros surveyed consider targeted attacks and breaches their top concern, an increase of three percent compared to last year and 18 percent compared to 2011. However, 81 percent said they were either “somewhat confident” (59 percent) or “not confident” (22 percent) that they could stop advanced threats targeting their servers. That 22 percent figure is a two percent increase from 2012.

“Many businesses are still depending on antiquated endpoint security solutions like AV (antivirus) that simply don’t work, and the attackers continue to become more advanced,” said Nick Levay, chief security officer at Bit9. “The confidence level reflects that.”

Twenty-six percent of respondents admitted their organizations had been hit by advanced malware, an increase of one percent from 2012. Twenty-five percent said they don’t know if they had, up from seven percent from last year.

From a risk perspective, respondents said they were most concerned with Web servers (52 percent) and file servers ranked the highest. Database servers were cited by roughly 9.5 percent.

Advertisement. Scroll to continue reading.

“We found this puzzling,” Levay told SecurityWeek. “We expected file servers and databases to be higher priority because they are most often where proprietary information resides. I think it’s a matter of how the respondents defined risk – risk of compromise, versus risk to the business. Web servers are often the most exposed, and for that reason pose the largest risk of compromise, while servers like databases pose the largest risk to the business if compromised.”

Virtual servers were ranked as the highest concern by less than three percent – something Bit9 argues is due to overconfidence in the security of virtual environments. To this point, nearly a quarter of those who administer an environment composed of more than 75 percent virtual servers said they had been hit by advanced malware.

“There’s nothing about virtual servers that makes them inherently more secure than physical servers.  In fact, the contrary is true,” Levay said. “Virtual servers have a larger threat surface, because in addition to the servers themselves being targets, the hypervisors they run on are targets as well.  It’s unclear where this perception comes from.  It’s probably a combination of believing something is more secure because it’s easier to manage and simply because it’s newer.  Neither (is) true.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.