MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

News & Updates

Ponemon Institute is pleased to announce the release of Flipping the Economics of Attacks, sponsored by Palo Alto Networks. In this study, we look at the relationships between the time spent and compensation of today’s adversaries and how organizations can thwart attacks. As revealed in this research, while some attackers may be motivated by non-pecuniary reasons, such as those that are geopolitical or reputational, an average of 69 percent of respondents say they are in it for the money.


November 2009 CA & Ponemon Institute Announce Study at CA's Federal Expo


Sponsored by CA, the Cyber Security Mega Trends study surveyed 217 senior-level IT executives employed by various U.S. federal agencies to identify significant areas of risk to information security associated with governmental efforts to adopt new technologies such as cloud computing, virtualization, mobile devices, and Web 2.0 tools such as social networking utilities, blogs and wikis.

Ponemon Institute Cyber Security Mega Trends Study Identifies Biggest Threats to Citizen Data, Federal Systems and Critical Infrastructure

Push to Modernize Systems and Constituent Services not without Risk of Compromise

Traverse City, Mich. – November 17, 2009 – E-Government initiatives aimed at modernizing federal information systems to streamline workflow and provide more efficient and convenient constituent services are fraught with risk, according to a new study by the Ponemon Institute, Cyber Security Mega Trends: Study of IT leaders in the U.S. federal government.

According to the government IT executives surveyed, the most significant threats to confidential data, proprietary government systems, and the nation’s critical infrastructure are as follows:

79% of respondents see the rise in the use of collaboration tools as significantly increasing the storage of unstructured data sources that contain confidential or sensitive information that is not adequately protected or secured.

71% of respondents believe that cyber terrorism is on the rise and this trend poses a very serious threat to the protection of proprietary systems as well as our nation’s critical infrastructure.

63% see the mobility of the government workforce as contributing significantly to endpoint security risks as a result of a plethora of insecure mobile data-bearing devices that are susceptible to malware infections and botnet attacks.

52% of respondents say that Web 2.0 applications such as social networking, social messaging, blogging and wikis contribute to the leakage of confidential or sensitive information as well as susceptibility to malware and botnet attacks.

Other mega trends that clearly exacerbate security risks in the U.S. federal government according to government IT executives include: a continued rash of data breach incidents (40%), virtualization technologies (44%), rise in the usage of cloud computing resources and applications (39%), outsourcing to third parties (34%), and use of open source applications (18%).

Thirty-five percent of respondents said their department’s networks had been victimized by an unauthorized infiltrator one or more times over the past 12 months. Another 38% of respondents were unsure about possible unauthorized intrusions.

In addition to the above, respondents to the survey reported that the targets representing the most serious threats to data security were wireless devices (57%), endpoints (35%), networks (29%), databases (25%), applications (12%), paper documents (11%), and off-line devices (6%).

“Many federal agencies are moving to take advantage of the efficiencies made possible by today’s technological innovations in order to save time and money, but those improvements must not be made without consideration to the threats to information security,” said Larry Ponemon, chairman and founder, Ponemon Institute.  “Federal systems and networks are already being targeted by cyber criminals who recognize that government agencies can be treasure troves for valuable personally identifiable information.  In order to maintain the public trust, information security must be integral to any updates, and not an afterthought.”