Vulnerabilities / Threats
3/7/2014
01:19 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

New AppRiver Survey: IT Security Pros Care More About Malware Than NSA Spying

More than half of respondents report cybercrime from external sources as most problematic

GULF BREEZE, FL--March 5, 2014--Despite the NSA and Snowden controversy dominating news headlines and sparking a serious privacy debate, findings from a new AppRiver,LLCsurvey show that IT security professionals consider external threats from cybercriminals to be the more concerning issue facing the security of organizations' sensitive information today.

"While the debate over the NSA and its authority does carry importance, this survey clearly demonstrates that IT security pros are more concerned with cybercriminals than government action," says Fred Touchette, senior security analyst at AppRiver. "These are the people who deal with security every day, whose jobs depend on keeping networks secure, and who see threats as a practical problem, not a theoretical or philosophical issue."

More than 110 attendees at RSA Conference 2014 took the survey, which was conducted via in-person interviews by AppRiver, a leading provider of email messaging and Web security solutions.

When asked to name the most dangerous threat to the security of their organization, the response breakdown follows:

56.2% of respondents report cybercrime from external sources as most problematic

33% say insider threats with non-malicious intent give them the most trouble

5.3% blame malicious insiders for causing the biggest security headache

5.3% point the finger at external threats from government as chief offender

Malware, including email-borne and web-based threats, topped the list of most concerning threat vectors followed by personally identifiable information (PII) and social engineering. The majority of respondents, 71.4%, cited people as the most frequent (or most likely) point of failure for IT security. 21.4% faulted process and 7.2% labeled technology as the weak link.

"As a new breed of cybercriminal gets more sophisticated, IT security pros believe employees are not prepared for the more serious threats," Touchette continues. "This chasm demands a comprehensive security strategy that takes into account all threat vectors from technological and human standpoints. Organizations need a layered security approach that includes technology, training, awareness and enforcement to keep both inadvertent and intentional attacks from happening."

Despite the Snowden incident, more than two thirds of respondents do not think it is time to ask employees to take psychometric tests to determine their honesty. When asked if IT security pros themselves would be willing to take such a test as a condition of employment, more than 65% said yes.

About AppRiver

AppRiver is a Software-as-a-Service (SaaS) provider offering award-winning email and Web security solutions to businesses of all sizes. Understanding the need to protect networks from today's increasingly complex IT threats, AppRiver offers businesses a comprehensive, yet affordable subscription-based solution that incorporates the latest spam and virus protection, email encryption and Web security on the market. In addition, the company provides a complete managed service for Microsoft Exchange, as well as a bundled Office 365 solution. Since its inception, AppRiver has sustained an impressive 93% customer retention rate while growing its customer base to more than 45,000 companies and over 8 million mailboxes worldwide. The company maintains offices in Florida, New York and Switzerland, and is led by an Ernst & Young Florida Entrepreneur of the Year award winner. For more information, please visit www.appriver.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.