Forty-nine percent of respondents cited data leakage of customer or employee data as their primary area of concern. Coming in a close second, concerns about e-mail-borne malware/phishing were cited by 41% of survey respondents. Web-borne malware and insider threats/theft were also worrisome to security professionals, both cited by 36% of the respondents.
When asked about the top security and organizational challenges, 49% of survey respondents cited lost or stolen devices. Tied for second place, 47% of respondents noted both non-malicious employee errors and educating employees. Budgetary constraints trouble 44% of respondents.
54% of respondents admitted that they had dealt with a security incident - defined as an unexpected activity that brought sudden risk to the organization and took one or more security personnel to address - in 2007. Additionally, 13% stated that they addressed more than 20 security incidents during 2007.
Of these incidents, data leakage of customer or employee data, insider threats/theft and intellectual property theft accounted for 29%, 28% and 16% respectively. However, only 11% of those surveyed publicly disclosed any of those security breaches or possible data losses.
In an attempt to uncover the impact of the “Storm” worm and resulting botnet, a backdoor Trojan horse that had detrimental affects on computer operating systems and received extensive media coverage in 2007, the survey found that a mere two percent of organizations were seriously affected by the outbreak. Conversely, 86% said that their organization was not affected by Storm at all.