eEye Survey Reveals That Common Malware and Spyware Are Bigger Threats Than Stuxnet, Night Dragon and Operation Aurora Style Attacks

eEye Digital Security, a provider of IT security and unified vulnerability management solutions, today announced results from its “2011 Headlines vs. Reality” survey. The survey, which polled 1,677 respondents, demonstrated that headline-driving attacks are not what keep IT security professionals or executives up at night. In fact, findings revealed that 55 percent of respondents viewed common malware and spyware as the number-one threat to their organization. Only 12 percent identified sophisticated, high-profile attacks that garnered media attention, such as Stuxnet, Operation Aurora or Night Dragon as significant problems. The survey included responses from IT administrators, managers and C-level executives from organizations of various sizes and from multiple industries in the private and public sectors. Thirty percent of respondents came from organizations with 4,000 employees or more.

“These facts demonstrate that while it is important to remain vigilant against attacks that wreak havoc and damage reputations, we must also remain focused on attacks that fly in under the radar, happen every day and chip away at defenses and compliance,” said Marc Maiffret, CTO, eEye Digital Security. “Knowing where the next attack is most likely to come from will help the security community to improve its defensive position and better allocate its resources. This survey shows defense against stealthy, everyday attacks should be made a priority.”

Equally compelling are statistics demonstrating that non-attack risks and lack of visibility into security and compliance postures are also a major cause for alarm.

        --  48 percent of respondents are concerned over a lack of human and
            technological resources
        --  42 percent of respondents are worried about improper configurations
        --  42 percent said they are worried over inability to protect against
            Zero Day vulnerabilities
        --  41 percent said they are concerned over a lack of security insight
            around compliance, vulnerabilities and attacks

In addition to demonstrating top-level concerns, the survey also provided insight into how and where security professionals would bolster their resources if they were to receive a 20 percent increase in their security budgets.

        --  65 percent said they would invest it in security reporting and
            dashboard technologies
        --  63 percent said they would invest in patch management
        --  60 percent said they would invest in configuration compliance
        --  52 percent said they would invest in additional personnel
        --  39 percent said they would invest in regulatory compliance reporting

“These statistics show that although cutting-edge headlines and horror stories may rule the air, most security professionals remain focused on the basics — wanting insight into their defensive postures to ensure that patching is regular and that proper configurations are in place,” said Maiffret.

Unfortunately, although respondents were decisive when it came to knowing how to invest, many have their hands tied. Despite perceived economic recovery, 57 percent of those polled said their IT security budgets saw no increase in 2011, with only 21 percent receiving an increase and 22 percent actually experiencing a decline.

To request a PDF copy of eEye’s “Headlines Versus Reality: Survey Report,” visit

About eEye Digital Security Since 1998, eEye Digital Security has made vulnerability and compliance management simpler and more efficient by providing the only unified solution that integrates assessment, mitigation, protection, and reporting into a complete offering with optional add-on modules for configuration compliance, regulatory reporting, and integrated patch management. eEye’s world-renowned research and development team is consistently the first to uncover critical vulnerabilities and build new protections into our solutions to prevent their exploit. Thousands of mid-to-large-size private-sector and government organizations, including the largest vulnerability management installations in the world, rely on eEye to protect against the latest known and zero-day vulnerabilities.