The 2009 Security Mega Trends Survey was conducted by Ponemon Institute and sponsored by Lumension to better understand if certain publicized IT risks to personal and confidential data are, or should be, more or less of a concern for companies. We asked 577 IT security practitioners to consider how 10 Security Mega Trends affect companies today and to predict their impact during the next 12 to 24 months. The opinions of these experts, we believe, will be helpful to companies that are struggling to understand how they should allocate resources to the protection of data during these difficult economic times.
We selected the following mega trends for this study based on input from a panel of experts in IT security. They are: cloud computing, virtualization, mobility and mobile devices, cyber crime, outsourcing to third parties, data breaches and the risk of identity theft, peer-to-peer file sharing and Web 2.0.
The study examined the risks posed by mega trends that exist today and how the risk will change over the next 12 to 24 months. According to an overwhelming 77 percent of individuals in IT security responding to our survey, cyber crime will become a high or very high risk over the next 12 to 24 months.
The selection of cyber crime as the mega trend most likely to be a high or very high risk in the next 12 to 24 months can be partly based on the fact that 92 percent of respondents in our study reported that their companies have had a cyber attack. The biggest security risk associated with cyber crime is that such an attack will cause a business interruption followed by the theft of customer and employee data.
Other mega trends becoming more risky are cloud computing, malware, web 2.0 and mobile devices. In the case of cloud computing, it is the inability to assess or verify the security of data centers in the cloud and protect sensitive and confidential information. IT security practitioners see the risk of malware and Web 2.0 as resulting in the loss of sensitive or confidential business information including trade secrets.
It is interesting to note that in our study IT security respondents perceive the risk of a mobile workforce as decreasing but mobile devices remaining a high or very high risk for many companies. According to respondents, the most risky mobile device is the laptop computer and the number one concern is the inability to properly identify and authenticate remote users.