Targeted attacks and data breaches are top concerns for companies, but confidence among IT professionals that they have the ability to stop them has fallen, according to a new survey from Bit9.
In the company’s third annual Server Security Survey, the company found that 55 percent of the nearly 800 IT pros surveyed consider targeted attacks and breaches their top concern, an increase of three percent compared to last year and 18 percent compared to 2011. However, 81 percent said they were either “somewhat confident” (59 percent) or “not confident” (22 percent) that they could stop advanced threats targeting their servers. That 22 percent figure is a two percent increase from 2012.
“Many businesses are still depending on antiquated endpoint security solutions like AV (antivirus) that simply don’t work, and the attackers continue to become more advanced,” said Nick Levay, chief security officer at Bit9. “The confidence level reflects that.”
Twenty-six percent of respondents admitted their organizations had been hit by advanced malware, an increase of one percent from 2012. Twenty-five percent said they don’t know if they had, up from seven percent from last year.
From a risk perspective, respondents said they were most concerned with Web servers (52 percent) and file servers ranked the highest. Database servers were cited by roughly 9.5 percent.
“We found this puzzling,” Levay told SecurityWeek. “We expected file servers and databases to be higher priority because they are most often where proprietary information resides. I think it’s a matter of how the respondents defined risk – risk of compromise, versus risk to the business. Web servers are often the most exposed, and for that reason pose the largest risk of compromise, while servers like databases pose the largest risk to the business if compromised.”
Virtual servers were ranked as the highest concern by less than three percent – something Bit9 argues is due to overconfidence in the security of virtual environments. To this point, nearly a quarter of those who administer an environment composed of more than 75 percent virtual servers said they had been hit by advanced malware.
“There’s nothing about virtual servers that makes them inherently more secure than physical servers. In fact, the contrary is true,” Levay said. “Virtual servers have a larger threat surface, because in addition to the servers themselves being targets, the hypervisors they run on are targets as well. It’s unclear where this perception comes from. It’s probably a combination of believing something is more secure because it’s easier to manage and simply because it’s newer. Neither (is) true.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Germany Appoints Central Bank IT Chief to Head Cybersecurity
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
