Promisec Release Findings from Security Audits of 100,000 Desktops
In scans of more than 100,000 PCs and servers across a number of industries shows alarming rise in internal security threats in the past year.
Security firm Promisec announced findings from security audits of more than 100,000 corporate endpoints. The audits were conducted in the first six months of 2008 in enterprises of different sizes and revealed that not even one organization was completely clean from internal threats, and the minimum number of threats found was three.
Promisec’s security audits were done across a number of industries, including finance, healthcare, insurance, manufacturing, etc. and found that:
• Use of unauthorized removable storage continues to rise in organizations.
• The number of endpoints that do not apply threat management agents or are not updated with the latest build or signatures continues to rise.
• Instances of unauthorized instant messaging continue to increase in all organizations.
– 12% of infected computers had a missing or disabled anti-virus program
– 10.7% had unauthorized personal storage like USB sticks or external hard drives,
– 9.1% had unauthorized peer-to-peer (P2P) applications installed
Of note: dramatic increase in poor security postures verus the 2007 study results.
For example, the percentage of infected computers with unauthorized remote control software had increased by more than 200-fold; a 12-fold increase in PCs with diabled anti-virus; and a 10-fold increase in PCs with unauthorized storage, like USB drives, iPods, or smartphones.