Top cyber security concerns: Malicious code, employees run amok

Symantec's 2011 State of Security Survey shows the main costs incurred from cyber attacks were related to downtime and lost productivity

When 3,300 information-technology professionals were asked about cyber security, they said malicious code attacks accounted for the main type of cyber attack their organizations suffered during the past year, although "internal unintentional actions" by well-meaning insiders also wreaked havoc.

While about three-quarters of respondents to the "2011 State of Security Survey" sponsored by Symantec said cyber attack incidents were minimal, 21 percent said they happened "on a regular basis," and 6 percent indicated they have suffered "a large number" during the past year.

[ Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. ]

BY THE NUMBERS: Corporate cyber crime costs skyrocket

When cyber attacks occurred, the main costs incurred were related to "downtime of our environment" and "lost productivity," according to IT professionals in the financial, manufacturing, high-tech, healthcare, real estate, and energy, and other sectors who answered the survey conducted by Applied Research.

The survey's respondents also indicated they considered "targeted attacks," "hackers" and "industrial espionage" to be significant security threats to their organizations, although "well-meaning insiders" who inadvertently cause security problems also got much mention.

That's because one of the biggest headaches right now is a rise in social engineering attacks on employees via social-networking sites that involve tricking the employees into downloading malicious code, says Ashish Mohindroo, senior director of product marketing at Symantec.

The survey reports that the average mean productivity loss in the past 12 months was $915,303. When it was determined that a cyber attack led to loss of customer trust or damaged customer relationships, the amount was $1.14 million over the course of the past year, and loss of sensitive data racked up a $1.71 million loss.

When asked to rate the effectiveness of safeguards in curbing cyber attacks, the most effective method was seen as "keeping patches and definition files current," and "perimeter security," which only goes to show: The more things change, the more they stay the same.

Read more about wide area network in Network World's Wide Area Network section.

This story, "Top cyber security concerns: Malicious code, employees run amok" was originally published by Network World.