IT and network managers beware: a survey of ‘hacking habits’ from security lifecycle management specialist Tufin Technologies has identified that badly configured networks are the main cause of security breaches.
The annual survey was conducted at the DEF CON 18 conference in Las Vegas last month among 100 security professionals, more than half of whom work in corporate IT. Nearly three quarters said they came across a misconfigured network more than 75 percent of the time – which, according to 76 percent of the sample, was the easiest IT resource to exploit.
According to the survey, 58 percent of respondents blamed IT personnel for the misconfiguration, because they did not know what to look for when assessing the status of their network configurations.
“The really big question coming out of the survey is how to manage the risk that organisations run dealing with the complexity that is part and parcel of any medium-to-large sized company’s security operations,” said Reuven Harrison, Chief Technology Officer and Co-Founder at Tufin.
Harrison believes that automating configuration and security management is the best way to solve this problem.
“When you factor in the issue that 60 percent of the DEF CON 18 respondents said they had a day job in the corporate world, it’s clear that IT managers need to address the security shortcomings of their networks by remediating the network misconfiguration issue,” said Harrison. “Only by configuring their network resources correctly can companies hope to beat these security issues,” he added.
Interestingly, 75 percent of respondents called themselves hackers, and 48 percent admitted that planting a rogue member of staff inside a company was one of the most successful hacking methodologies.
“This realisation is made worse when you consider that 57 percent of the security professionals we surveyed classified themselves as a black or grey hat hacker, and 68 percent of respondents admitted hacking just for fun,” Harrison said. “With networks so easily penetrated, it’s no surprise that 88 percent believe the biggest threat to organisations lies inside the firewall.”
Security breaches are a well-documented problem facing many of today’s IT managers, and even government departments are not immune. Last week, the US Deputy Defence Secretary William J. Lynn III revealed that in 2008 a flash drive believed to have been infected by a foreign intelligence agency uploaded malicious code onto a network run by the American military’s Central Command.
And it seems that the healthcare industry is the most vulnerable to data breaches. In early August a survey of American organisations found that, as in the UK, the healthcare industry suffers the most data breaches.
In the UK, the Information Commissioner’s Office (ICO) has been coming down hard on institutions responsible for data breaches, but is yet to issue a fine.