@Risk

Focused on supplier risk issues for business leaders

75% of Businesses in Symantec Poll Report Cyber Attack in Past 12 Months

February 22, 2010


Having a hard time waking up this Monday morning? Here are a few alarming statistics that I think may provide just the jolt you need:

Last month, Symantec Corp. surveyed 2,100 enterprise CIOs, CISOs and IT managers from 27 countries and found that a whopping three-fourths of them had experienced cyber attacks in the past 12 months. More than one-third (36 percent) rated the attacks somewhat/highly effective, and worse still, more than one-quarter (29 percent) reported attacks have increased over the past year.

These attacks cost enterprise businesses an average of $2 million per year, and when you put all of this information together, it’s no surprise that the 2010 State of Enterprise Security study also found that 42 percent of the survey respondents rate security as their top issue. (See graphic above.)

In addition, Symantec discovered that:

  • Every enterprise (that’s 100 percent!) experienced cyber losses in 2009. The top three reported losses were theft of intellectual property, theft of customer credit card information or other financial information, and theft of customer personally identifiable information. These losses translated to monetary costs 92 percent of the time. The top three costs were productivity, revenue, and loss of customer trust.
  • Enterprise security is becoming more difficult due to a number of factors, including understaffing, new IT initiatives that intensify security issues and IT compliance issues.
  • Nearly all the enterprises surveyed (94 percent) forecasted changes to security in 2010, with almost half (48 percent) expecting major changes.

Fortunately, the report also contains specific recommendations to help mitigate the risk of cyber attacks. For instance, Symantec suggests that you:

  • Protect infrastructure by securing endpoints, messaging and Web environments. In addition, make it a priority to defend critical internal servers and implement the ability to back up and recover data. Your company also needs the visibility and security intelligence to respond to threats rapidly.
  • Protect information proactively by taking an information-centric approach that secures both information and interactions. Taking a content-aware approach to protecting information is key in knowing where sensitive information resides, who has access, and how it is coming in or leaving your organization.
  • Develop and enforce IT policies and automate compliance processes. By prioritizing risks and defining policies that span across all locations, customers can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen.
  • Manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.

For more details, see the full report available here.
