Vulnerabilities / Threats
3/7/2014
01:19 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

New AppRiver Survey: IT Security Pros Care More About Malware Than NSA Spying

More than half of respondents report cybercrime from external sources as most problematic

GULF BREEZE, FL--March 5, 2014--Despite the NSA and Snowden controversy dominating news headlines and sparking a serious privacy debate, findings from a new AppRiver,LLCsurvey show that IT security professionals consider external threats from cybercriminals to be the more concerning issue facing the security of organizations' sensitive information today.

"While the debate over the NSA and its authority does carry importance, this survey clearly demonstrates that IT security pros are more concerned with cybercriminals than government action," says Fred Touchette, senior security analyst at AppRiver. "These are the people who deal with security every day, whose jobs depend on keeping networks secure, and who see threats as a practical problem, not a theoretical or philosophical issue."

More than 110 attendees at RSA Conference 2014 took the survey, which was conducted via in-person interviews by AppRiver, a leading provider of email messaging and Web security solutions.

When asked to name the most dangerous threat to the security of their organization, the response breakdown follows:

56.2% of respondents report cybercrime from external sources as most problematic

33% say insider threats with non-malicious intent give them the most trouble

5.3% blame malicious insiders for causing the biggest security headache

5.3% point the finger at external threats from government as chief offender

Malware, including email-borne and web-based threats, topped the list of most concerning threat vectors followed by personally identifiable information (PII) and social engineering. The majority of respondents, 71.4%, cited people as the most frequent (or most likely) point of failure for IT security. 21.4% faulted process and 7.2% labeled technology as the weak link.

"As a new breed of cybercriminal gets more sophisticated, IT security pros believe employees are not prepared for the more serious threats," Touchette continues. "This chasm demands a comprehensive security strategy that takes into account all threat vectors from technological and human standpoints. Organizations need a layered security approach that includes technology, training, awareness and enforcement to keep both inadvertent and intentional attacks from happening."

Despite the Snowden incident, more than two thirds of respondents do not think it is time to ask employees to take psychometric tests to determine their honesty. When asked if IT security pros themselves would be willing to take such a test as a condition of employment, more than 65% said yes.

About AppRiver

AppRiver is a Software-as-a-Service (SaaS) provider offering award-winning email and Web security solutions to businesses of all sizes. Understanding the need to protect networks from today's increasingly complex IT threats, AppRiver offers businesses a comprehensive, yet affordable subscription-based solution that incorporates the latest spam and virus protection, email encryption and Web security on the market. In addition, the company provides a complete managed service for Microsoft Exchange, as well as a bundled Office 365 solution. Since its inception, AppRiver has sustained an impressive 93% customer retention rate while growing its customer base to more than 45,000 companies and over 8 million mailboxes worldwide. The company maintains offices in Florida, New York and Switzerland, and is led by an Ernst & Young Florida Entrepreneur of the Year award winner. For more information, please visit www.appriver.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.