IT Brief NZ - Security breach? $100 says sure thing

Warning: This story was published more than a year ago.

Security breach? $100 says sure thing

Anybody like a gamble? A cheeky flutter on the horses maybe?

Well hello, you've come to the right place.

Techday wants to know whether you would be willing to stake $100 of your own hard-earned cash on your company NOT suffering a data breach within the next six months.

Fancy your chances? Hmm. Wait until you see what everybody else thought.

A recent survey by Leiberman Software, an identity market management firm, revealed over 70% of IT security professionals would not bet on their business avoiding a breach, highlighting a negative attitude towards security within the industry.

Conducted during the RSA Conference in February this year, Leiberman says a third of organisations currently do not have a policy making it compulsory to change default passwords when deploying new hardware, applications and network appliances to the corporate network.

But is this down to negligence or ignorance?

“These figures highlight the fact that IT security professionals realise that most organisations are woefully unprotected against cyber attacks," says Philip Lieberman, president and CEO, Lieberman Software.

"While vendors of conventional security products - like firewalls and anti-virus - are constantly updating their tools to reactively protect against the latest threats, hackers are looking for flaws and engineering new attacks to exploit them.

"The reality is that 100% protection is nearly impossible to achieve, but there are still best practices for securing access to critical systems and data that many organisations tend to ignore.”

Criticising the fact that so many IT groups are still not changing default passwords when deploying new systems, Lieberman believes such actions should be a standard practice.

"Default privileged passwords are, in a sense, hidden backdoors onto systems that are deployed on a network," he says.

"Most default passwords are publicly known and easily found online, meaning anyone with malicious intent can use these default credentials to gain anonymous access to systems and applications throughout the enterprise.

“IT departments that do not have a solution in place to automatically detect, flag and change default privileged passwords on newly deployed systems are neglecting a very common security hole.”

Measuring the attitudes of nearly 250 IT security professionals and the way their organisations manage cyber security, key findings include:

• 81.4% of IT security staff think staff tend to ignore the rules that IT departments put in place

• 52.2% of the same respondents believe that staff would not listen more even if IT directives came from executive management, rather than IT

• 75.8% of IT personnel think that employees in their organisation have access to information that they don't necessarily need to perform their jobs

• 64.7% of respondents think that they have more access to sensitive information than colleagues in other departments

• 38.3% of IT security personnel have witnessed a colleague access company information that he or she should not have access to

• 54.7% of those respondents did not report their colleagues who accessed that information

Lieberman believes the results suggest that even though most IT professionals are aware of the level of access they have to systems which may contain sensitive data, many organisations either cannot or will not control and audit this access.

"The high number of staff who are thought to ignore IT directives could stem from willful negligence on the part of end-users, or the lack of proper internal security training," he says.

"When these findings are taken together, respondents' lack of confidence in the ability of their organisations to withstand a data breach is hardly surprising."

Would you take the $100 bet? Tell us what your company is like security-wise below

Interested in this topic?
We can put you in touch with an expert.

Follow Us


next-story-thumb Scroll down to read: