Indian enterprises are more wary of cyber attacks to their IT infrastructure than perceived threats from terrorism and natural disasters, a study by global security solutions provider Symantec said Tuesday.
A study 'On the State of Enterprise Security' conducted in January revealed that Indian enterprises suffered an average revenue loss of Rs.5.8 million due to cyber attacks by elusive hackers in 2009.
“Security has become a main concern to Indian enterprises as cyber attacks are posing a greater threat than terrorism, natural disasters and conventional crimes,” Symantec India managing director Vishal Dhupar told IANS.
Cyber attack is a malicious activity of the IT underworld deployed to steal sensitive information, confidential data and proprietary material for monetary gain. Hackers gain access to the IT infrastructure of enterprises, spanning servers, storage and multiple devices through the internet and browsers.
The study found that 66 percent of the surveyed Indian enterprises faced cyber attacks from external and internal sources in the last 12 months causing loss of confidential data and productivity.
“Securing enterprises and protecting information are more challenging due to understaffing, new IT initiatives and compliance issues. A security blueprint that protects infrastructure as well as information, enforces IT policies and manages systems efficiently can increase the competitive edge of businesses in an information-driven world,” Dhupar said referring to the findings of the study.
The study showed that managing business risk emanating from use of IT will be a key focus area in 2010 for over 80 percent of enterprises though IT security budgets are projected to remain at the 2009 level.
“Each cyber attack mounted had a financial impact on enterprises, besides loss of customer trust and damage to reputation. About 90 percent enterprises face a cost to prevent such attacks and to comply with regulations, as financial loss in productivity was on average Rs. 8.4 million in 2009,” Dhupar said.
Another factor impacting enterprise security spanning networks, endpoints, web and data protection is understaffing.
“Providing security is becoming more complex due to new offerings by IT enterprises such as infrastructure-as-a-service, platform-as-a-service, server and endpoint virtualisation and software-as-a-service.”
The study noted that enterprises have to protect their IT infrastructure by securing endpoints, messaging and web environments.
“Enterprises need to develop and enforce IT policies and automate their compliance processes. By prioritising risks and defining policies that span across all locations, customers can identify threats and remediate incidents as they occur or anticipate them before they happen,” the study said in its recommendations.