Vulnerabilities / Threats
3/7/2014
01:19 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

New AppRiver Survey: IT Security Pros Care More About Malware Than NSA Spying

More than half of respondents report cybercrime from external sources as most problematic

GULF BREEZE, FL--March 5, 2014--Despite the NSA and Snowden controversy dominating news headlines and sparking a serious privacy debate, findings from a new AppRiver,LLCsurvey show that IT security professionals consider external threats from cybercriminals to be the more concerning issue facing the security of organizations' sensitive information today.

"While the debate over the NSA and its authority does carry importance, this survey clearly demonstrates that IT security pros are more concerned with cybercriminals than government action," says Fred Touchette, senior security analyst at AppRiver. "These are the people who deal with security every day, whose jobs depend on keeping networks secure, and who see threats as a practical problem, not a theoretical or philosophical issue."

More than 110 attendees at RSA Conference 2014 took the survey, which was conducted via in-person interviews by AppRiver, a leading provider of email messaging and Web security solutions.

When asked to name the most dangerous threat to the security of their organization, the response breakdown follows:

56.2% of respondents report cybercrime from external sources as most problematic

33% say insider threats with non-malicious intent give them the most trouble

5.3% blame malicious insiders for causing the biggest security headache

5.3% point the finger at external threats from government as chief offender

Malware, including email-borne and web-based threats, topped the list of most concerning threat vectors followed by personally identifiable information (PII) and social engineering. The majority of respondents, 71.4%, cited people as the most frequent (or most likely) point of failure for IT security. 21.4% faulted process and 7.2% labeled technology as the weak link.

"As a new breed of cybercriminal gets more sophisticated, IT security pros believe employees are not prepared for the more serious threats," Touchette continues. "This chasm demands a comprehensive security strategy that takes into account all threat vectors from technological and human standpoints. Organizations need a layered security approach that includes technology, training, awareness and enforcement to keep both inadvertent and intentional attacks from happening."

Despite the Snowden incident, more than two thirds of respondents do not think it is time to ask employees to take psychometric tests to determine their honesty. When asked if IT security pros themselves would be willing to take such a test as a condition of employment, more than 65% said yes.

About AppRiver

AppRiver is a Software-as-a-Service (SaaS) provider offering award-winning email and Web security solutions to businesses of all sizes. Understanding the need to protect networks from today's increasingly complex IT threats, AppRiver offers businesses a comprehensive, yet affordable subscription-based solution that incorporates the latest spam and virus protection, email encryption and Web security on the market. In addition, the company provides a complete managed service for Microsoft Exchange, as well as a bundled Office 365 solution. Since its inception, AppRiver has sustained an impressive 93% customer retention rate while growing its customer base to more than 45,000 companies and over 8 million mailboxes worldwide. The company maintains offices in Florida, New York and Switzerland, and is led by an Ernst & Young Florida Entrepreneur of the Year award winner. For more information, please visit www.appriver.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.