The Cost of Insecurity

    When times were good, malware attacks were pretty much the cost of doing business. They happened from time to time, but nobody ever really considered their real impact on the business.

    Now that times are tough and the number of zero-day malware attacks have increased, the operational costs of security are becoming a much bigger factor.

    That’s the primary finding of a survey of 564 IT security managers conducted by The Ponemon Institute on behalf of Lumension, which finds that security issues are becoming a bigger drain on limited IT resources.
    The survey also finds that far too many IT organizations don’t have much in the way of control over security policies. Many report either not having any or simply lack the wherewithal to enforce them.

    According to Ed Brice, senior vice president for worldwide marketing at Lumension, the study not only highlights the need for more effective policy enforcement, but it also shows that anti-malware software isn’t enough to make the overall IT environment secure. And without additional security measures, IT organizations are incurring significant additional operating expense cleaning up after malware infects their systems.

    A comprehensive approach to security should not only include anti-malware software; IT organizations should be deploying application controls, policy-based management systems based on whitelisting techniques and data loss prevention (DLP) systems.

    Unfortunately, the majority of the IT organizations surveyed by Lumension have yet to deploy any of these security technologies, even as their operational security costs continue to rise. Worse yet, with the rise of mobile computing in the enterprise, Brice contends that the security will become even more complicated to manage.

    Of course, in these tough times, it’s sometimes hard to make a case for additional security investments. But when you start to factor in how much time and expense is being wasted in the aftermath of a malware infestation, suddenly the cost of security doesn’t look nearly as prohibitive.

    The Cost of Insecurity - slide 1

    Click through for results from a survey conducted by Lumensions on endpoint security risks.

    The Cost of Insecurity - slide 2

    Confidence is low.

    The Cost of Insecurity - slide 3

    The trend is definitely heading in the wrong direction.

    The Cost of Insecurity - slide 4

    And many deal with 50 or more incidents.

    The Cost of Insecurity - slide 5

    For many it is.

    The Cost of Insecurity - slide 6

    And it’s becoming a bigger issue with each additional attack.

    The Cost of Insecurity - slide 7

    Zero day attacks leave no time to prepare a defense.

    The Cost of Insecurity - slide 8

    Mobile computing increases security risks.

    The Cost of Insecurity - slide 9

    Only half have a policy drive approach to application deployment.

    The Cost of Insecurity - slide 10

    Seems like many IT organizations have no control over the endpoint.

    The Cost of Insecurity - slide 11

    Only about a third can discover all applications on the network.

    The Cost of Insecurity - slide 12

    Most either don’t have one or can’t enforce the ones they have.

    The Cost of Insecurity - slide 13

    After anti-virus, use of security technologies falls off sharply.

    Latest Articles