Companies are taking a greater interest in Web 2.0 security threats and taking steps to protect sensitive customer information and intellectual property, according to a new survey released today.
Security vendor Finjan surveyed more than 1,300 IT and security professionals and found that 91% of all respondents perceive cybercrime as a major business risk. Of those respondents who identified themselves as cheif information officers and CSOs, 73% said they were more concerned about data theft than about downtime or loss of productivity as a result of virus infections.
"They're really understanding the magnitude of the problem when they look at cybercrime today," said Yuval Ben-Itzhak, Finjan's chief technology officer. "It's no longer the temporary productivity issues they used to have when they had a virus."
Finjan conducted the online survey in July. The goal was to assess their concern with respect to data theft and loss of productivity as a result of crimeware attacks, Ben-Itsak said. Many employees are using social websites and blogs, areas were attacks are more abundant, he said.
"People are starting to realize that the methods that criminals are using to distribute their malicious code signatures will not be able to detect them in real time," Ben-Itzhak said. "Since the criminal encrypted and obfuscated the code, it's almost impossible to hold a signature for every piece of malicous code out there."
In May, Finjan researchers uncovered rogue servers containing the sensitive email and Web-based data of thousands of people, including healthcare information, credit card numbers, business personnel documents and other sensitive data. Ben-Itzhak said the servers have been shut down, but the cybercriminals likely moved on to new servers. They also demonstrated how easy it is to find sensitive data with a simple Google search.
"We still find more and more of these servers almost on a daily basis. It's a relatively easy way for cybercriminals to bridge data, collect it and sell it online," Ben-Itzhak said. "The tools they're using are improving, so it's a very dynamic and active community."
Last week, Forrester Research Inc. released the results of its annual survey of 1,200 IT security pros, which found that companies are moving forward with security projects despite the uncertain economy. Fifty-nine percent of those surveyed said their main objective is to protect customer data, followed by protecting corporate intellectual property and sensitive internal data (54%).
IT security budgets are rising too. The amount of IT budget devoted to security has risen to 10% in 2008, an increase of 2% over last year's budget. Khalid Kark, a principal analyst at Forrester Research, suggested that security organizations are making a better case for security projects that fit into the company's overall business objectives. Company executives have also made protection from data breaches a top priority to avoid brand damage as a result of a highly publicized breach.