When it comes to servers, IT and security professionals' concerns about targeted malware and data breaches are escalating while their confidence in their ability to identify and stop advanced threats is on the decline, according to a new survey by security firm Bit9.
"Targeted malware was the top security concern for the second year in a row," says Ilana Goddess, product marketing manager for Bit9, noting that 52.4 percent of survey respondents (up 15 percent from a year ago), cite targeted malware as their primary concern.
"The whole thing with targeted malware is that targeted threats are aimed at you," says Goddess. "They are the most difficult to defend against because it's like a virus that only affects you. And the attackers are not stopping. They'll persist until they get in whether it takes months or years. Antivirus isn't going to work because people haven't seen the signatures before."
In November and December of 2012, Bit9 polled 966 IT and security professionals worldwide for its second annual Server Security Survey. Most respondents (58 percent) administered up to 50 servers; 29 percent administered 100 to 500 servers; and 13 percent administered, on average, 2,000 servers. About one-half (51 percent) said they are running Windows as their primary platform (i.e., Windows comprises more than 75 percent of total servers); 12 percent said they are running Linux as their primary platform (up 13 percent from last year); 2 percent said they run Unix as their primary platform.
One-Quarter of Firms Have Been Victims of Targeted Malware
Goddess notes that it comes as no surprise that respondents again identified targeted malware and data breaches as a top server security concern, given the proliferation of such attacks in 2012. Attacks like Flame, Gauss, mini-Flame and the Flashback Trojan garnered significant media attention last year. Twenty-five percent of Bit9's respondents say they had been the victims of advanced malware (up 8 percent since 2012), while 18 percent said they didn't know whether they had been attacked (according to the F.B.I., two-thirds of breaches are detected by a third party). And according to security firm Mandiant, attackers have, on average, been in place for 416 days prior to detection.
At the same time, server data has become much more vulnerable to attack. Verizon's 2012 Data Breach Investigations report found that 94 percent of all data compromised in 2012 involved servers (an increase of 18 percent from 2011). Goddess says IT and security professionals are losing confidence in their ability to identify and thwart these advanced threats: Only 18 percent of respondents said they were very confident in their ability to stop advanced malware; 59 percent said they were somewhat confident, 20 percent said they were not confident (up from 10 percent in 2011) and 4 percent said they were unsure.
Sign up for Computerworld eNewsletters.