Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Confidence in Server Security Shaky, Bit9 Survey Suggests

Targeted attacks and data breaches are top concerns for companies, but confidence among IT professionals that they have the ability to stop them has fallen, according to a new survey from Bit9.

Targeted attacks and data breaches are top concerns for companies, but confidence among IT professionals that they have the ability to stop them has fallen, according to a new survey from Bit9.

In the company’s third annual Server Security Survey, the company found that 55 percent of the nearly 800 IT pros surveyed consider targeted attacks and breaches their top concern, an increase of three percent compared to last year and 18 percent compared to 2011. However, 81 percent said they were either “somewhat confident” (59 percent) or “not confident” (22 percent) that they could stop advanced threats targeting their servers. That 22 percent figure is a two percent increase from 2012.

“Many businesses are still depending on antiquated endpoint security solutions like AV (antivirus) that simply don’t work, and the attackers continue to become more advanced,” said Nick Levay, chief security officer at Bit9. “The confidence level reflects that.”

Twenty-six percent of respondents admitted their organizations had been hit by advanced malware, an increase of one percent from 2012. Twenty-five percent said they don’t know if they had, up from seven percent from last year.

From a risk perspective, respondents said they were most concerned with Web servers (52 percent) and file servers ranked the highest. Database servers were cited by roughly 9.5 percent.

“We found this puzzling,” Levay told SecurityWeek. “We expected file servers and databases to be higher priority because they are most often where proprietary information resides. I think it’s a matter of how the respondents defined risk – risk of compromise, versus risk to the business. Web servers are often the most exposed, and for that reason pose the largest risk of compromise, while servers like databases pose the largest risk to the business if compromised.”

Virtual servers were ranked as the highest concern by less than three percent – something Bit9 argues is due to overconfidence in the security of virtual environments. To this point, nearly a quarter of those who administer an environment composed of more than 75 percent virtual servers said they had been hit by advanced malware.

“There’s nothing about virtual servers that makes them inherently more secure than physical servers.  In fact, the contrary is true,” Levay said. “Virtual servers have a larger threat surface, because in addition to the servers themselves being targets, the hypervisors they run on are targets as well.  It’s unclear where this perception comes from.  It’s probably a combination of believing something is more secure because it’s easier to manage and simply because it’s newer.  Neither (is) true.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...