Bit9 has announced the results of its third-annual Server Security Survey of nearly 800 IT and security professionals worldwide.
Key findings include:
• 55 percent of security professionals were concerned about targeted attacks and data breaches on servers in 2013—up 3 percent from 2012, and up 18 percent from 2011.
• Only 13 percent of respondents are “very confident” in their ability to stop advanced threats targeting servers.
• 26 percent of respondents admitted their servers were hit by advanced malware, up 1 percent from 2012 and up 9 percent from 2011.
• 25 percent of respondents “don’t know” if they’ve been hit by a server attack, up 7 percent from last year.
• Only 3 percent of respondents said their virtual servers posed the highest risk. However, of those who administer an environment consisting of more than 75 percent virtual servers and who rated their virtual servers as having a “higher level” of security, 24 percent still admitted to being hit by advanced malware.
• 92 percent of respondents use signature-based antivirus software on their servers, despite AV’s inability to stop advanced threats and targeted attacks, while only 29 percent use a more effective new-generation security solution, such as application control or whitelisting.
Server security remains one of the most critical aspects of any company’s security posture. Servers are where the majority of customer data, intellectual property and user credentials are stored, which is why they are the target of most advanced threats. Failure to protect servers from advanced threats can lead to significant data loss, brand damage, large financial penalties, and diminished customer confidence. The 2013 Bit9 Server Security Survey found that organizations continue to lack the necessary tools to properly detect and protect their server environments—both physical and virtual—against advanced threats and malware.
“It is alarming to see that in 2013, 92 percent of IT and security professionals still rely on old-fashioned security solutions—particularly antivirus—and only a quarter of those surveyed have deployed a new generation of server security that doesn’t rely on signatures and is much more effective at detecting and stopping advanced threats and targeted attacks,” said Nick Levay, Bit9 chief security officer.
“Another very interesting result is the response to the question about which types of servers pose the highest risk. More than half of respondents said Web servers. While it’s true Web servers may present the greatest risk of being compromised, the real risk that organizations must be aware of is which types of servers could cause the most damage to the business if they were breached. In that case it’s database and file servers because the data those machines contain is significantly more desirable to cyber criminals, hacktivists and nation-states,” Levay said.