Despite an increased number of IT professionals monitoring and maintaining computers and networks, IT managers and network administrators are spending more time monitoring and maintaining user machines, office networks and servers. Despite this, the levels of unauthorized access/intrusions are holding steady, with significant exposures of sensitive data and potential financial impact on organizations.
2007: A Bad Year for Security
In 2007, more than one-third (38%) of the survey respondents reported that at least one of the user machines at their office had a successful intrusion by a hacker or other unauthorized person in the past two years. Results were similar in 2006 (37%) and 2005 (36%). Among those reporting an unauthorized intrusion of at least one user machine in 2007, a strong majority (64%) categorized the potential financial impact as being of "high impact" (16%) or "medium impact" (48%). More than half indicated that information that might have been obtained was either "highly sensitive" (14%) or "sensitive" (38%), with less than half reporting that the information was only "somewhat sensitive" or "not sensitive at all".
The survey results were even more alarming for unauthorized access of office networks and servers, with over two-thirds of those reporting an intrusion indicating that it was of "medium" or "high" impact, and over half reporting that "sensitive" or "highly sensitive" information might have been obtained. Only a small proportion (12%) of those experiencing an unauthorized intrusion of their enterprise servers characterized the obtained information as "not sensitive at all".
While the percentage of enterprises experiencing unauthorized access/intrusions has not changed significantly from year to year, the proportion of enterprises taking steps to "lock down" user machines/office network has remained high (91% in 2007, 88% in 2006, and 90% in 2005). Similarly, the proportion using firewalls, scanners, detection systems, or other security measures to "lock down" servers remained high (91%, 89%, and 89%).
For each of the past three years, the survey has asked respondents whether there has been a successful intrusion of at least one user machine, their office network, or one or more servers. The results have remained almost identical from year to year: user machines (2007 - 38%, 2006 - 37%, 2005 - 36%); office network (2007 - 28%, 2006 - 27%, 2005 - 29%); and servers (2007 - 26%, 2006 - 25%, 2005 - 26%).
More than half (57%) participating in the 2007 survey reported spending at least 25% of their time monitoring, maintaining, or updating their user machines, office network, or servers, with just over one-third (30%) devoting at least 50% of their time. This was a significant increase compared to the 2006 survey results (48% spent at least 25% of their time) and 2005 survey results (42% spent at least 25% of their time). Because the 2007 results indicate consistent hardware levels among the respondent enterprises and no significant increase in the use of automated scripts, this suggests that IT professionals are having a very busy year handling security and maintenance tasks.
Despite the trend toward spending a larger share of the workweek on monitoring and maintenance, the percentage of respondents actively monitoring security on a daily basis declined significantly. Among those actively monitoring the security of their user machines/network, the proportion doing so on a daily basis declined from 39% in 2005 to 37% in 2006 to 28% in 2007. Similarly, among those actively monitoring the security of their servers, the proportion doing so on a daily basis declined from 45% in 2005 to 43% in 2006 to 35% in 2007. Steve Birnkrant, CEO of Amplitude Research, noted that "one possible explanation for this is better targeting of resources while, perhaps, a more negative interpretation is that IT managers and network administrators are overloaded with tasks.
Interested in information related to this topic? Subscribe to our Information Technology eNewsletter.