Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

90 Percent of Security Pros Take Note of High-Profile Breaches, But Majority Do Nothing

August 30, 2011

New Tenable Network Security Study Uncovers ‘It Won’t Happen to Me’ Mentality Among Security Pro Community

New findings from a Tenable Network Security study have uncovered an ‘It Won’t Happen to Me’ mentality amongst security professionals.  According to the study, more than 90 percent of attendees surveyed at the 2011 Gartner Security & Risk Management Summit discussed large-scale, high-profile breaches like RSA, Citigroup and Sony with senior management, yet only 23 percent did anything beyond that.

“It would be impossible and impractical to make changes, updates or company-wide announcements for every data breach reported,” said Ron Gula, CEO and CTO at Tenable Network Security.  “But with record-breaking exposures like what we’ve seen this year, there’s an opportunity for us to learn and to educate employees about the implications of a security breach and reinforce existing policies and information security practices. This is also a clear sign that the majority of security pro’s have been getting by on ‘just good enough’ security practices that help them pass an audit, but don’t truly secure their business.”

Insider Threats:  A Problem, but Not a Priority.

Nearly half (46 percent) of attendees surveyed had experienced some form of insider threat while at their current company, but surprisingly ‘preventing insider threats’ was ranked the second-lowest information security priority for the next six to eight months by the field.  Even more surprising, one in three security professionals admitted that they had violated internal security policies they created in order to complete a work-related task quickly and/or easily.

“The productivity versus security battle continues to create problems for enterprises,” added Gula.  “Employees, including privileged security professionals, are going to do whatever it takes to get the job done, regardless of policies or security risks.”

According to recent Verizon Business Data Breach Investigations Reports, insider threats are one of the leading sources of data leakage and theft.  Findings indicate that nearly one in three breaches over the past two years came as a result of an insider attack, and, in 2010, 93 percent of insider breaches were considered deliberate, malicious attacks - a three percent increase over the previous year.  These statistics reinforce the critical need for real-time visibility into all network activity, policy enforcement and continuous assessment and monitoring within every enterprise.

2011 Roadmap: Mobile Device Security and Advanced Persistent Threats Top the Agenda

The ubiquity of mobile devices and the continued consumerization of IT opens enterprises up to a variety of new security risks.  As a result, attendees at the event marked mobile device security as their top information security priority for the second half of 2011. 

It was closely followed by ‘neutralizing advanced persistent threats’ and ‘staying ahead of zero-day attacks.’  Not surprisingly, nearly 85 percent of attendees considered advanced persistent threats a real concern, but only 28 percent pegged it as one of their top concerns for their business. 

“Top execs and key employees rely on smart phones, tablets and laptops to work from the road, so it’s not surprising that hackers see that transition and are increasingly targeting mobile platforms,” said Gula.  “While it’s encouraging to see that the advanced persistent threat is front of mind for the majority of security professionals, it’s critically important for organizations to cut through the hype and understand the profile for these types of attacks, account for what’s at stake, and develop a strategy for protecting their most valuable digital and physical assets.” 

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io®, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include 53 percent of the Fortune 500, 29 percent of the Global 2000 and large government agencies. Learn more at tenable.com.

Contact Information:

Cayla Baker
[email protected]
(443) 539-6476

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.