The Latest Check Point News
Product and Solution Information, Press Releases, Announcements
Check Point Survey Reveals Nearly Half of Enterprises Are Victims of Social Engineering | |
Posted: Wed Sep 21, 2011 01:25:50 PM | |
Redwood City, CA — Wed, 21 Sep 2011 - Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced the results of a new report revealing 48 percent of enterprises surveyed have been victims of social engineering, experiencing 25 or more attacks in the past two years, costing businesses anywhere from $25,000 to over $100,000 per security incident. The report, The Risk of Social Engineering on Information Security, shows phishing and social networking tools as the most common sources of socially-engineering threats – encouraging businesses to implement a strong combination of technology and user awareness to minimize the frequency and cost of attacks. Socially-engineered attacks traditionally target people with an implied knowledge or access to sensitive information. Hackers today leverage a variety of techniques and social networking applications to gather personal and professional information about an individual in order to find the weakest link in the organization. According to the global survey of over 850 IT and security professionals, 86 percent of businesses recognize social engineering as a growing concern, with the majority of respondents (51%) citing financial gain as the primary motivation of attacks, followed by competitive advantage and revenge. "The survey results show that nearly half of enterprises surveyed know they have experienced social engineering attacks. Knowing that many of these attacks go unnoticed, suggests that this is a very wide and dangerous attack vector that must not be ignored," said Oded Gonda, vice president of network security products at Check Point Software Technologies. While social engineering techniques rely on taking advantage of a person's vulnerability, the prevalence of Web 2.0 and mobile computing has also made it easier to obtain information about individuals and has created new entry points to execute socially-engineered attacks. New employees (60%) and contractors (44%) who may be less familiar with corporate security policies were considered to be the most susceptible to social engineering techniques, in addition to contractors, assistants, human resources and IT personnel. "People are a critical part of the security process as they can be misled by criminals and make mistakes that lead to malware infections or unintentional data loss. Many organizations do not pay enough attention to the involvement of users, when, in fact, employees should be the first line of defense," added Gonda. "A good way to raise security awareness among users is to involve them in the security process and empower them to prevent and remediate security incidents in real time." To achieve the level of protection needed in modern day IT environments, security needs to grow from a collection of disparate technologies to an effective business process. Check Point 3D Security helps companies implement a blueprint for security that goes beyond technology and can educate employees by involving them in the process. "Just as employees can make mistakes and cause breaches or threats within the organization, they can also play a large role in mitigating risks," added Gonda. With Check Point's unique UserCheck™ technology, businesses can alert and educate employees about corporate policies when accessing the corporate network, data and applications – helping companies minimize the frequency, risk and costs associated with social engineering techniques. Key Findings from the Report:
The survey, The Risk of Social Engineering on Information Security, was conducted in July and August 2011, surveying over 850 IT and security professionals located in the U.S., Canada, U.K., Germany, Australia and New Zealand. The survey sample represents organizations of all sizes and across multiple industries, including financial, industrial, defense, retail, healthcare and education. "Security is not just a problem for IT administrators; it must be part of every professional's role. As the industry faces a rise in sophisticated and targeted threats, user involvement makes security technology smarter and more effective," concluded Gonda. |