Welcome!

News Feed Item

Dell Global Security Survey: Organizations Overlook Powerful New Unknown Threats, Despite Significant Costs

A new generation of unknown security threats stemming from megatrends and technologies like BYOD, mobility, cloud computing, and Internet usage, as well as internal actions both accidental and malicious, introduce organizations to a multitude of new risks. According to a Dell global security survey released today, however, the majority of IT leaders around the world say they don’t view these threats as top security concerns and are not prioritizing how to find and address them across the many points of origin. In fact, when respondents were asked to look at long term priorities, only 37 percent ranked unknown threats as a top security concern in the next five years.

Epidemic threats come from all perimeters, both inside and outside of the organization, and are often hidden in poorly configured settings or permissions, and ineffective data governance, access management and usage policies. Dell’s global security survey of leading public and private sector security decision-makers gauged their awareness of, and preparedness for this new wave of threats plaguing IT security.

Some key findings include:

  • 64 percent of respondents agree that organizations will need to restructure/reorganize their IT processes, and be more collaborative with other departments to stay ahead of the next security threat. Of those surveyed in the United States, 85 percent said this approach is needed, contrasting with the U.K. (43 percent) and Canada (45 percent), which were the least convinced this would be necessary
  • Nearly 90 percent of respondents believe government should be involved in determining organizations’ cyber defense strategies, and 78 percent in the Unites States think the federal government plays a positive role in protecting organizations against both internal and external threats, which underscores the need for strong leadership and guidance from public sector organizations in helping secure the private sector

Unknown Threats Come From Every Perimeter, Both Inside and Outside of the Organization

The dramatic spike in social engineering, malicious and/or accidental internal attacks, as well as sophisticated, advanced persistent threats means the organization is vulnerable from all directions. All stakeholders must immediately take action to strengthen access to points inside and outside the perimeter, and help users prevent such attacks.

  • 67 percent of survey respondents say they have increased funds spent on education and training of employees in the past 12 months; 50 percent believe security training for both new and current employees is a priority
  • 54 percent have increased spending in monitoring services over the past year; this number rises to 72 percent in the United States

Among the IT decision-makers surveyed, BYOD, cloud and the Internet were the top areas of concern for security threats.

  • BYOD ─ A sizable number of respondents highlighted mobility as the root cause of a breach, with increased mobility and user choice flooding networks with access devices that provide many paths for exposing data and applications to risk.
    • 93 percent of organizations surveyed allow personal devices for work. 31 percent of end users access the network on personal devices (37 percent in the United States)
    • 44 percent of respondents said instituting policies for BYOD security is of high importance in preventing security breaches
    • 57 percent ranked increased use of mobile devices as a top security concern in the next five years (71 percent in the U.K.)
    • 24 percent said misuse of mobile devices/operating system vulnerabilities is the root cause of security breaches
  • Cloud ─ Many organizations today use cloud computing, potentially introducing unknown security threats that lead to targeted attacks on organizational data and applications. Survey findings prove these stealthy threats come with high risk.
    • 73 percent of respondents report their organizations currently use cloud (90 percent in the United States)
    • Nearly half (49 percent) ranked increased use of cloud as a top security concern in the next five years, suggesting unease for the future as only 22 percent said moving data to the cloud was a top security concern today
    • In organizations where security is a top priority for next year, 86 percent are using cloud
    • 21 percent said cloud apps or service usage are the root cause of their security breaches
  • Internet ─ The significance of the unknown threats that result from heavy use of Internet communication and distributed networks is evidenced by the 63 percent of respondents who ranked increased reliance upon internet and browser-based applications as a top concern in the next five years.
    • More than one-fifth of respondents consider infection from untrusted remote access (public wifi) among the top three security concerns for their organization
    • 47 percent identified malware, viruses and intrusions often available through web apps, OS patching issues, and other application-related vulnerabilities as the root causes of breaches
    • 70 percent are currently using email security to prevent outsider attacks from accessing the network via their email channel

Combat Known and Unknown Threats

The survey revealed that 76 percent of IT leaders surveyed (93 percent in the United States) agree that to combat today’s threats, an organization must protect itself both inside and outside of its perimeters. This requires not only a comprehensive set of solutions that protects from the inside out and the outside in ─ from the endpoint, to the data center to the cloud ─ but one that also connects these capabilities to provide deeper insights and stronger predictive analytics so that strategic action can be taken quickly.

Supporting Quotes:

Stacy Duncan, vice president, IT, DavCo

“All threats expose an organization to significant risk, but unknown threats, particularly, are silent predators that can have profound and catastrophic implications on performance and continuity. At the same time, compliance demands are ever-growing in complexity. We took proactive steps to guard ourselves both from inside and outside of our perimeters. As a retailer, we take all possible measures to protect our customers, while ensuring PCI compliance for our stores. We have deeper insights and network visibility that all keep our data safe and help us stay compliant because Dell’s Connected Security portfolio weaves security tightly into all areas in and around our network.”

Will Markham, security practice lead, Colt Enterprise Services

“In today's increasingly complex threat landscape, one of the most common threats comes from employees who download and install unauthorized software, without understanding the potential risks associated with their actions. Unfortunately, organizations are not always able to identify new vulnerabilities quickly enough. This is compounded by the anytime, anyplace, anywhere nature of accessing business data ─ everywhere from inside the network to application layers and mobile devices. As an international IT services company, protecting our customers’ information is critical, and we are constantly working to ensure that all measures are in place to ensure their data is secure at all times.”

Mary Hobson, Director, eResearch South Australia

"Although cloud presents massive opportunities for corporate IT in terms of cost savings, security issues are rising to the forefront. Hosting software in the cloud presents security issues that have to be tackled in a thoughtful and connected way, versus in silos or traditional perimeter defenses. In protecting our cloud and making it the best possible platform for our researchers, our strategy includes a sharper focus on security threats that originate both from the application layer and from internal users who may threaten our network either intentionally or by accident. Our researchers are now able to access secure data 40 times faster because of our highly scalable, easily manageable cloud platform enabled by Dell.”

Ash Motiwala, chief technology officer, Identropy

“External hackers have been the focus of news reports recently, and the threats they pose get lots of attention. Just as lethal to a company’s data, however, are the unknown threats that can emerge from within the organization. At Identropy, we know that an identity and access management strategy that safeguards the network with strong tools for provisioning, privileged account management, and managing and governing access is the key to diminishing unknown internal threats, and our customers count on us to ensure their identity and access management initiatives are successful. As a visionary, Dell understands the security landscape, which is why Dell solutions can be counted on to protect the network from both outside and inside the perimeter.”

Matt Medeiros, vice president and general manager, Dell Security Products, Dell Software Group

“Traditional security solutions can defend against malware and known vulnerabilities, but are generally ineffective in this new era of stealthy, unknown threats from both outside and inside the organization. These threats evade detection, bypass security controls, and wreak havoc on an organization’s network, applications, and data, but despite these dangers, our study found, among those surveyed, organizations are just not prepared. There is still a disturbing lack of understanding and awareness of the type of impact and detriment caused by the unknown threats that can come from both sides of an organization’s data flow. As a result, we believe a new security approach is needed ─ one that’s embedded in the fabric of software, governing access to every application and protecting every device, both inside and outside a corporate network. Only then, with this Connected Security approach, will organizations have a chance at keeping one step ahead of these epidemic threats that can significantly damage their network.”

About the Survey

Dell Software commissioned Vanson Bourne to survey 1,440 IT decision makers in organizations with 500+ employees or end users. The survey took place from October-November 2013 across the U.S. (300), Canada (60), U.K. (200), France (200), Germany (200), Italy (60), Spain (60), India (200), Australia (60), and Beijing (100). Both the private and public sectors were interviewed with specific focuses on: retail, consumer products, manufacturing, higher education, education (excluding higher), government/public services, healthcare (private and public), financial services, and other commercial sectors.

1 2008 US Census Bureau reported 20,475 firms in US with equivalent demographics to the study (500+ employees). The study showed that 87% of surveyed US organizations have suffered a security breach in the last twelve months. Taking 87% of the US firms mentioned above (17813) and multiplying this figure by the average cost of security breaches reported by US respondents in the survey ($1.45M).

Supporting Resources:

Delivering Complete and Connected Security

Dell Connected Security gives organizations the power to solve their biggest security and compliance challenges today, while helping them better prepare for tomorrow. From the device to the data center to the cloud, Dell helps mitigate risks to enable the business.

About Dell

Dell Inc. listens to customers and delivers innovative technology and services that give them the power to do more. For more information, visit www.dell.com.

Dell is a trademark of Dell Inc. Dell disclaims any proprietary interest in the marks and names of others.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Everywhere we turn in our industry we can find strong opinions about the direction, type and nature of cloud’s impact on computing and business. Another word that is used in every context in our industry is “hybrid.” In his session at 20th Cloud Expo, Alvaro Gonzalez, Director of Technical, Partner and Field Marketing at Peak 10, will use a combination of a few conceptual props and some research recently commissioned by Peak 10 to offer a real-world consideration of how the various categories of...
Five years ago development was seen as a dead-end career, now it’s anything but – with an explosion in mobile and IoT initiatives increasing the demand for skilled engineers. But apart from having a ready supply of great coders, what constitutes true ‘DevOps Royalty’? It’ll be the ability to craft resilient architectures, supportability, security everywhere across the software lifecycle. In his keynote at @DevOpsSummit at 20th Cloud Expo, Jeffrey Scheaffer, GM and SVP, Continuous Delivery Busine...
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value...
SYS-CON Events announced today that Outscale, a global pure play Infrastructure as a Service provider and strategic partner of Dassault Systèmes, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2010, Outscale simplifies infrastructure complexities and boosts the business agility of its customers. Outscale delivers a secure, reliable and industrial strength solution for its customers, which in...
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus intern...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
In order to meet the rapidly changing demands of today’s customers, companies are continually forced to redefine their business strategies in order to meet these needs, stay relevant and continue to see profitable growth. IoT deployment and development is integral in this transformation, and today businesses are increasingly seeing the value of investing their resources into IoT deployments. These technologies are able increase ROI through projects such as connecting supply chains or enabling sm...
Regardless of what business you’re in, it’s increasingly a software-driven business. Consumers’ rising expectations for connected digital and physical experiences are driving what some are calling the "Customer Experience Challenge.” In his session at @DevOpsSummit at 20th Cloud Expo, Marco Morales, Director of Global Solutions at CollabNet, will discuss how organizations are increasingly adopting a discipline of Value Stream Mapping to ensure that the software they are producing is poised to o...
This talk centers around how to automate best practices in a multi-/hybrid-cloud world based on our work with customers like GE, Discovery Communications and Fannie Mae. Today’s enterprises are reaping the benefits of cloud computing, but also discovering many risks and challenges. In the age of DevOps and the decentralization of IT, it’s easy to over-provision resources, forget that instances are running, or unintentionally expose vulnerabilities.
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, will motivate why realizing the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insigh...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in compute, storage and networking technologies, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that EARP Integration will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. EARP Integration is a passionate software house. Since its inception in 2009 the company successfully delivers smart solutions for cities and factories that start their digital transformation. EARP provides bespoke solutions like, for example, advanced enterprise portals, business intelligence systems an...