IT Managers Say Sensitive Data Exposed

Greater allocation of resources not resulting in fewer intrusions

BOCA RATON, Fla. and ALBUQUERQUE, N.M. -- According to the Third Annual Enterprise IT Security Survey of 350 IT managers and network administrators commissioned by VanDyke Software that examines best practices in intrusion defense, not only is there an increased number of IT professionals monitoring and maintaining their computers and networks, but IT managers and network administrators are also spending more time in their work week monitoring and maintaining user machines, office networks and servers. Despite this, the levels of unauthorized access/intrusions are holding steady, with significant exposures of sensitive data and potential financial impact on organizations.

Intrusions and damage done

In 2007, more than one-third (38%) of the survey respondents reported that at least one of the user machines at their office had a successful intrusion by a hacker or other unauthorized person in the past two years. Results were similar in 2006 (37%) and 2005 (36%). Among those reporting an unauthorized intrusion of at least one user machine in 2007, a strong majority (64%) categorized the potential financial impact as being of “high impact” (16%) or “medium impact” (48%). More than half indicated that information that might have been obtained was either “highly sensitive” (14%) or “sensitive” (38%), with less than half reporting that the information was only “somewhat sensitive” or “not sensitive at all”.

The survey results were even more alarming for unauthorized access of office networks and servers, with over two-thirds of those reporting an intrusion indicating that it was of “medium” or “high” impact, and over half reporting that “sensitive” or “highly sensitive” information might have been obtained. Only a small proportion (12%) of those experiencing an unauthorized intrusion of their enterprise servers characterized the obtained information as “not sensitive at all”.

While the percentage of enterprises experiencing unauthorized access/intrusions has not changed significantly from year to year, the proportion of enterprises taking steps to “lock down” user machines / office network has remained high (91% in 2007, 88% in 2006, and 90% in 2005). Similarly, the proportion using firewalls, scanners, detection systems, or other security measures to “lock down” servers remained high (91%, 89%, and 89%).

VanDyke Software Inc.