Companies fear dark corners of the virtual world

According to a recent IBM survey, enterprises are now more concerned about threats in cyberspace than about those in the physical world.

The dark alleys of cyberspace have become as real as those in the physical world, and probably more dangerous. That's the perception of about 600 U.S. IT professionals IBM surveyed in December and January.

Stuart McIrvine, IBM's director of corporate security strategy, said that, more than ever before, businesses and consumers understand that cybercrime is at least as dangerous as physical crime.

"They also see cybercrime as a battle they can't fight on their own," McIrvine said. "They believe businesses, technology providers and law enforcement must work together on the right safeguards."

Nearly 60% of respondents said cybercrime could cost their companies more than physical crime, IBM found. Those polled expressed concern that online attacks could cost their companies in revenue, customers and worker productivity. Eighty-four percent said organized, tech-savvy criminal groups are replacing lone hackers as the biggest threat. Three-quarters of those surveyed believe unprotected systems located in developing countries are adding to the overall threat.

Meanwhile, 74% said threats to corporate security are now coming from inside the organization. But McIrvine said respondents don't seem to be taking adequate steps to deal with that.

"When you ask about what [respondents'] priorities are, they still talk about perimeter protection," he said. While perimeter protection is necessary to blunt attempted hackings and malware attacks coming from the outside, it won't help against cyberattacks coming from the inside, he added.

Eighty-three percent of respondents expressed confidence that they're protecting their enterprise by upgrading their AV software (73%), upgrading their firewall (69%), implementing intrusion detection/prevention technologies (66%), and putting a vulnerability/patch management system on the network (53%).

Asked what their two most important security priorities are for the next year, 39% said upgrading their AV software and 32% said upgrading their firewall.

McIrvine said IT professionals can't defend against the evolving threats of the digital age if most of their attention is on the AV and firewall -- especially if they have any hope of countering the insider threats. To that end, IT shops need to put more emphasis on who their users are and on tightening data and systems access rules.

"There always has to be a balance between the user-centric view and the data-centric view," he said. "The user-centric view looks at who's the user, what roles exist and how should user groups be put together. The data-centric view looks at what data a company has and what information needs to be classified."

Based on these classes, he said, "You need to perform risk management to decide what your core priorities are and what kinds of protection you need."

The survey results indicate that IT executives in the finance sector are more concerned about cybercrime than about physical crime: 50% cited it as a bigger threat vs. 38% of the total surveyed. Respondents from the finance sector also expressed more concern about the cost impact of cybercrime than IT executives in other industries -- 71% vs. 57%.

Cybercrime also outweighed physical crime for respondents in the healthcare and manufacturing sectors. Respondents in the retail sector still see physical crime as the biggest threat, however.

The results also indicate respondents in the healthcare and finance sectors are more worried about losing prospective customers than those in the retail and manufacturing sectors. Manufacturing respondents view damage to brand/reputation as far more of a concern (52%) than those in the healthcare (40%), financial (35%) and retail (32%) segments.

This article originally appeared on
