Respondents who allow users to download software often find music and social media applications, in addition to viruses and malware, on their computers.
Additionally, almost 80 percent of companies allow employees to use removable storage devices, possibly exposing themselves to the loss of sensitive data, while increasing exposure to malware.
Sverdlove said this happens because many security practitioners are operating under a dated paradigm. Companies use more relaxed policies because they feel that more flexibility will allow their users to be more productive.
Similar to a terror watch list, the companies use lists of known attacks to watch for incoming threats. But these “bad lists” are ineffective for newer attacks that are usually customized to their targets.
“When people have lived in a certain paradigm for so long it’s difficult for people to adapt to the evolving threat landscape,” Sverdlove said.
The “Year of the Hack” has also made researchers more aware of what Sverdlove called “the perfect storm” of enemy actors. In addition to threats from hacktivists, recent breaches show that criminal organizations and nation states are also capable of launching effective and long-term cyberattacks.
Infographic courtesy of Bit9.