Mobile Security by the Numbers

Posted by Lou Person on Jun 09, 2011 in Cloud Journey
Why IT should be worried
According to recently released data, mobile security exploits were on track to double between 2010 and 2011. [1] The news goes from bad to worse when you factor in these disturbing trends in the toll cybercrime takes on business: [2] Based on a comparison of 2010 and 2011, cybercrime was:

  • 44% more common.  On average, participating organizations experienced more than one successful cyber-attack per company per week
  • 56% more costly.  Cybercrime now costs organizations an average of $5.9 million per year

On an annualized basis, of total external costs per year:

  • Lost productivity accounts for 28%
  • Information theft accounts for 40%

On an annualized basis, of total internal costs per year:

  • Recovery and detection accounts 45%. 
  • 67% more time consuming
  • The average time to resolve a cyber-attack is now 18 days.
  • The average time to contain malicious insider attacks is now 45 days.

Who may not be worrying enough and why
Despite the alarming increases in incidences and costs of security breaches, of the nearly 10,000 business leaders and IT executives who participated in a recent Global Security   Survey [3]:

  • 51 % said they were postponing security-related capital expenditures.
  • 48 % said they were deferring security-related projects.

Although spending on technologies to protect Web attack vector increased, including:

  • Application firewalls (up from 72 % to 80%)
  • Malicious-code-detection tools (up from 72 % to 83 %)
  • 43 % identified said their companies are security leaders; although technically, just 13 % actually met the criteria. * See note below.

Note: It is widely accepted that to be considered a true security leader, a company must meet the following criteria:

  • It must have a security strategy in place.
  • Its IT security team must report to senior business leadership.
  • Its security policy must be reviewed on an annual basis.
  • It must understand the cause of any security brief it has suffered.

_______________
[1] “IBM X-Force 2011 Mid-Year Trend and Risk Report,” September 2011.
[2] “Second Annual Cost of Cyber Crime Study,” sponsored by HP conducted by the Ponemon Institute, August 2011.
[3] “2011 Global State of Information Security Survey,” PricewaterhouseCoopers, CIO Magazine and CSO Magazine, September 2011.