Industry Survey Shows High-Profile Corporate Data Breaches Have Yet to Impact IT Security Attitudes

Insider Threats Still Not Considered Critical Security Issue, According to
Lieberman Software Survey of IT Professionals
LOS ANGELES--(Business Wire)--
Despite recent headlines announcing major corporate data breaches, concerns
about insider security threats remain a low priority for enterprise
organizations. According to a survey of IT industry professionals, insider
security threats and corporate data breaches are lesser security concerns than
more traditional security risks, such as viruses, Trojans and worms. The survey
was conducted by Lieberman Software Corporation, a developer of privileged
account password management solutions. 

"The findings of this survey are consistent with the current state of security
in the market," said Philip Lieberman, president and CEO of Lieberman Software.
"Most organizations are focused on external threats, like protecting their email
servers from the outside world. However, insiders pose a very serious risk
because of their privileged access to sensitive information, systems and
networks. There has been a steady stream of news stories about extensive data
breaches caused by an internal source, and I expect we`ll see more in this
current economic environment unless companies begin to take the threat
seriously." 

Recent data breaches at Heartland, Monster, TJX Companies, and Societe Generale
have significantly raised the profile of insider threats to critical corporate
information assets. In many of these cases, an unauthorized user was able to
decrypt one local password and gain unrestricted access to sensitive data on
every system in the network that used the same credentials. 

"Insider threats are now the root cause of most data breaches, whether by
malicious acts or accidents," Lieberman added. "These threats can be controlled
if organizations properly educate their staff and implement the appropriate
technology to deal with these risks, rather than relying almost exclusively on
firewalls, antivirus tools, and other conventional solutions that are no defense
against modern attacks. We`ve discovered that while many organizations are
vulnerable to insider threats, they don`t realize how easily their systems can
be compromised from within. And the insider threat is growing, particularly in
this economy as the number of disgruntled and terminated employees increases." 

Key survey information revealed:

* Cost-savings is still the major driver for IT spending: While cost-savings
initiatives were rated the highest driving factor for IT spending at 53.6
percent, protecting information assets from new security threats garnered just
15.2 percent of survey respondents. As the security threat level continues to
increase, the decision to save money in IT by not investing in proper security
measures could lead to more of the high-profile breaches that have recently
occurred. 
* The biggest security concerns remain hackers, viruses, and other external
threats: Only 11.7 percent of survey respondents rated corporate data breaches
as the top security concern, and just 12.4 percent considered insider security
threats to be the biggest concern. Hackers, viruses, Trojans, worms, and even
human error all rated higher. 
* The current economic climate is a factor: 75.9 percent of survey respondents
said that the current economy has impacted security concerns at their
organizations. 60.7 percent of respondents work at organizations that have
reduced their IT budgets in 2009. These issues could account for the emphasis on
cost-savings initiatives and the focus on more traditional security threats, at
the expense of investigating and acquiring solutions for emerging corporate data
breach threats. 
* IT hires are frozen or decreasing: Not surprisingly, considering the current
economic climate, 40.2 percent of organizations have reduced their staff in
2009, while only 12.5 percent have increased staff. Former employees with access
to privileged account credentials continue to pose a particularly serious
internal security threat.

The online survey was conducted earlier this month among a range of IT
professionals - including administrators, managers, executives, and auditors -
from organizations in every major vertical market worldwide. 

Lieberman Software announced findings of the survey at RSA Conference 2009. The
company is exhibiting in booth 733 at the show. For more information, view the
survey results. 

About Lieberman Software Corporation

Lieberman Software provides privileged identity management and configuration
management solutions that help control the local and domain security of the
cross-platform enterprise. By automating time intensive systems administration
tasks, Lieberman Software increases control over the IT infrastructure,
subsequently reducing security vulnerabilities, improving productivity,
minimizing system failures, and ensuring compliance. Since 1994 Lieberman
Software has been providing solutions which ensure that the largest corporate,
education, and government enterprises remain managed, secure, and compliant. The
company is a managed Microsoft Gold Certified Partner headquartered in Los
Angeles, CA. For more information, see www.liebsoft.com. 

Product and company names herein may be trademarks of their registered owners. 





Lieberman Software Corporation
Kevin Franks, 1-800-829-6263 or 310-300-3562
Marketing Communications Manager
kfranks@liebsoft.com
www.liebsoft.com



Copyright Business Wire 2009