
11/15/2012
02:45 PM
Dark Reading

Faronics Survey Reveals BYOD, Unstructured Data, Check And Credit Card Fraud As Most Critical Threats To Businesses

Study reveals that businesses don’t fully grasp the repercussions resulting from one or more data breaches

VANCOUVER, B.C. and SAN RAMON, Calif. November 13, 2012 – Faronics, a global leader in simplifying, securing and managing multi-user computer environments, today announced the results of its State of Cyber Security Readiness survey, which examines the cyber threat and data breach experiences of small and medium-sized businesses (SMBs). The research was completed by The Ponemon Institute.

When asked about a range of threats most likely to affect their organization's ability to achieve its business objectives, more than three quarters of respondents in both the U.S. and U.K., 76% and 77%, respectively, consider check or credit card fraud either "likely" or "very likely." Respondents included executives from many levels of these organizations, ranging from the owner/partner to outside consultants, but were heavily weighted toward the director, manager, supervisor and technician levels.

The top three threats to their organizations listed by U.S. respondents included "proliferation of unstructured data" (69 percent), "unsecure third parties including cloud providers" (65 percent) and "not knowing where all sensitive data is located" (62 percent). U.K. respondents had a slightly different set of concerns: 62% believe "proliferation of end-user devices" is a key issue, as well as "lack of security protection across all devices" (cited by 56%) and "unsecure third parties including cloud providers" (53 percent).

"Although organizations have become more aware of potential threats, they do not seem to accurately perceive the repercussions associated with data breaches," said Dmitry Shesterin, vice president of product management at Faronics. "Findings indicate that organizations do not understand the full costs and damages they will suffer as a result of a data breach. These organizations need to become more proactive about their security programs in order to minimize the damage they will inevitably experience from one, if not more, data breach."

A common belief labels IT departments and management as too complacent about security and data protection, leaving their organizations vulnerable to cyber threats. However, Faronics' survey found otherwise. Just 9% of U.S. respondents and 4% in the U.K. admit "security is not taken seriously because our organization is not perceived as being vulnerable to attacks." Among other key survey findings:

64% of U.S. respondents and 75% of U.K. respondents cited "insufficient people resources" as a primary barrier to achieving effective security

62% of U.K. respondents consider "the complexity of compliance and regulatory requirements" as a key barrier.

55% listed "lack of in-house skilled or expert personnel"

50% of U.S. respondents noted "lack of central accountability" and 41% listed "lack of monitoring and enforcement of end users"

When queried about the impact of data breaches on their organizations, more than half of U.S. and U.K. respondents cited the loss of time and productivity most frequently. Both U.S. and U.K. respondents also listed damage to their organization's brand second most frequently. According to the findings among companies that experienced a data breach:

42% of U.S. respondents and 38% of U.K. respondents stated they "lost customers and business partners"

41% and 34% of U.S. and U.K. respondents, respectively, experienced an increase in the "cost of new customer acquisition"

35% of U.S. respondents and 31% of U.K. respondents "suffered a loss of reputation"

"This is the first study to investigate what smaller companies in North America are doing to prevent and detect cyber attacks," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "Results indicate that companies tend to seriously underestimate the potential damage to brand and reputation, revealing a great data breach perception gap. Misconceptions about the consequences associated with a data breach are preventing organizations from implementing the necessary financial tools, in-house expertise and technologies to achieve cyber readiness."

Survey findings show that IT managers made security and data protection investment decisions based on ease of deployment and ongoing operations as well as low purchase costs. The majority of respondents, 73% in the U.S. and 78% in the U.K., seek products and solutions that enable easy deployment. U.K. teams further indicated the importance of minimal maintenance effort, with 62% of respondents listing the "ease of ongoing operations" as a key factor influencing security investments, followed by 58% seeking "low purchase cost" and 52% seeking low total cost of ownership (TCO). U.S. teams indicated a greater concern with costs, as 65% of respondents listed "low purchase cost" as a primary influencer over the 60% who listed "ease of ongoing operations" and half who listed "low TCO."

Among the data protection solutions respondents most frequently employ today, 65% and 75% of U.S. and U.K. respondents, respectively, employ firewalls and other perimeter security technologies. Thirty-six percent of U.S. and 53% of U.K. respondents turn to blacklisting and/or whitelisting tools to identify content with vulnerabilities. A significant plurality of IT teams relies on enforcing strict data policies, cited by one-third of U.S. and 45% of U.K. respondents.

For further information, the full survey report can be found at www.faronics.com/ponemon.

About Ponemon Institute

Ponemon Institute conducts independent research on privacy, data protection and information security policy. The company's goal is to enable organizations in both the private and public sectors to have a clearer understanding of the trends in practices, perceptions and potential threats that will affect the collection, management and safeguarding of personal and confidential information about individuals and organizations. Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.

About Faronics

With a well-established record of helping organizations manage, simplify, and secure their IT infrastructure, Faronics makes it possible to do more with less by maximizing the value of existing technology. Their suite of products ensures 100% workstation availability, and frees up IT teams from tedious technical support and software issues. Incorporated in 1996, Faronics has offices in the USA, Canada and the UK, as well as a global network of channel partners. Faronics solutions are deployed in over 150 countries, and are helping more than 30,000 organizations worldwide.

Additional information about Faronics can be found on www.faronics.com.
