2011 has been called the “year of the hack” and in Bit9’s third annual endpoint security survey, it was clear that the majority of IT and security professionals are most concerned about the so-called “advanced persistent threats.” These are the modern attacks that bypass existing security defenses –firewalls, IDS/IPS, HIPS and antivirus.

Despite the worry, many organizations have not taken the steps to actually do something about it.

Here are some of the highlights from our survey:

60 percent of the IT and security executives said they were concerned about APT attacks like the RSA breach, more than double the next closest response, showing the growing anxiety among around modern threats.

(The second biggest hacking concern, at 28 percent, is having one of their own employees steal company data and posts it online, much like what happened at the Department of Defense (DoD) with WikiLeaks. In third place, at 26 percent, are concerns around a vendor partner being hacked, much like what happened to Epsilon earlier this year.  And in fourth place, at 25 percent, are concerns over a cloud application breach, much like what happened with Sony.)

But when it comes down to the question of: What are they doing about it? It’s clear that they aren’t doing enough. A lot of organizations rely on written polices to control what software is allowed and a narrow majority of companies surveyed (51 percent) said they allow their employees to download and install software at their discretion. All it takes is one person to download a hijacked version of Google Earth that contains malware that pulls data and sends it to servers in Asia. Or to click on that Excel spreadsheet that promises the “2011 Recruitment plan.xls” that contains zero-day malware. You get the picture.

The companies that allow employees to download software often find digital music sites like iTunes, social media sites and instant messaging software on its endpoints. Additionally, almost 80 percent of companies allow employees to use removable storage devices, exposing companies to the loss of sensitive data and intellectual property while increasing exposure to malware.

For a more full view of all the responses and to read more about the survey please visit here.

Breaches that occurred in the first half of 2011 have changed the rules of security by exposing high profile companies like RSA, Sony, Lockheed Martin and numerous others. If this survey of 763 IT and security professionals is any indication of how prepared our corporations and government agencies are as a whole, we are not ready for APTs. Drop the “A’ in Advanced Persistent Threat and we’re not even well prepared for that.