Webroot recently surveyed more than 300 email and Web security professionals about email management, compliance, archiving, encryption, spam, viruses, Web filtering and Web-based malware attacks. Our research shows that security practices and risk perceptions have evolved over the last year – the top three security concerns are email threat protection, data security/confidentiality and Web threat protection. Other highlights of the survey include:
- Security professionals are clearly worried about insufficient resources for Web security– a potential result of the economic downturn.
- The large number of organizations that were required to retrieve email for legal or compliance reasons within the last year indicates that email archiving services are becoming increasingly important.
- Most companies experienced some type of negative impact due to Web-based threats over the last 12 months, ranging from server outages and disrupted business activities to compromised data or transactions.
- 23% of survey respondents experienced a data breach – which cost between $10,000 and $1 million:
Just two weeks ago, Heartland Payment Systems disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants in one of the largest breaches on record. This past April, the Virginia Department of Health Professions learned that its Prescription Monitoring Program (PMP) computer system had been accessed by an unauthorized user – who then demanded $10 million to return over 8 million patient records and 35 million prescriptions.
As previously reported on this blog, Web threats are growing at a rapid pace in both volume and sophistication – fueled by the financial motivation of cybercriminals. Our research also showed that email threats were the top concern of IT professionals – but while email protection is important, the new vector of attack is the Web – and only 15% of organizations reported having Web security measures in place while 85% of new malware originates via the Web.