Top IT Security Concerns: Network Breaches, Risky User Activity

• By Jabulani Leffall
• 05/13/10

Network breaches represent the foremost nightmare scenario for IT pros, according to a new cross-sector industry report, announced this week.

The report, "7th Annual Survey: Network and System Administrators," by Amplitude Research was sponsored by security solutions provider VanDyke Software. In compiling the report, Amplitude Research recorded the responses of 353 network or system administrators nationwide throughout the second and third weeks of April.

The entire 44-page report can be accessed here (PDF download).

When asked, "What keeps you up at night?" 39 percent of respondents said a network breach. Others (38 percent) worried about risky user activity. Recovery plans, or a lack thereof, represented the main sleep deterrent for 32 percent in the survey.

Employee use of social media emerged as a major concern among IT professionals compared with last year's survey. Such were the views of 40 percent, with 22 percent of that number being "moderately concerned" and 18 percent being "extremely concerned." However, those worries may not be associated with actual security incidents, according to Steve Birnkrant, CEO at Amplitude Research.

"Of course, there are many possible reasons for worrying about a breach to a network, and we are not saying that there is necessarily a primary causal relationship between employee use of social media and network breaches," Birnkrant explained. "But the results do indicate a statistically significant relationship between how concerned network administrators are about employee use of social media and how worried they are about a security breach to their network."

Core Sleep-Deprivation Issues
The survey identified several core issues facing network administrators in 2010. Securing remote access is still the top priority, as it has been for four years running. The top issues include:

1. Securing remote access
2. Keeping virus definitions and AV software up to date
3. Patching systems
4. Monitoring intrusions
5. Securing file transfers
6. Network use monitoring
7. User policy awareness and training
8. Password management and administrative access
9. User training
10. Monitoring of system logs
11. Finding and replacing nonsecure Internet protocols

Cloud Computing Security Still a Concern
Only 15 percent of respondents said that their organization used cloud computing for one or more applications. However, 47 percent said that their organization was considering its use.

Among the small number of cloud computing adopters in the survey, 43 percent rated it "somewhat secure." Those network administrators who hadn't used cloud computing (85 percent) were not bullish about its security, with 56 percent assessing it as "somewhat secure." The cloud still seems to foster uncertainty throughout many IT shops with regard to security.

Security Budgets Increase
The survey also unearthed potential good news for IT organizations feeling the effects of recent budget constraints. IT security has started to get more funding and staffing in enterprises in 2010 compared with last year, in what the report is calling "a reversal of fortune."

Nearly one third (30 percent) of respondents saw an increase in their 2010 security budget, according to the survey. Just 15 percent said the same in 2009.

Budget and staffing considerations were often linked in the minds of the survey participants, according to Birnkrant.

"Often, but not always, those comfortable with their IT security budget are also comfortable with the size of their IT security staff," he said. "It turns out that 44 percent felt that their organization is both budgeted and staffed sufficiently to support current information security needs."