Badly configured networks are the main cause of security breaches, accounting for more than three-quarters of attacks, according to a new survey.
The findings were revealed in a survey of security professionals taken at last month’s DEF CON18 conference in Las Vegas. The "Hacking Habits" study, commissioned by Tufin Technologies, found that 73% of respondents came across a misconfigured network more than three quarters of the time, which, according to 76% of the sample, was the easiest IT resource to exploit.
In what can be read as a warning to IT admins, 58% of the security bods quizzed for the survey viewed network misconfiguration as being caused by IT staffers not knowing what to look for when assessing the status of their network configurations, with 18% believing that misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don’t always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role, the survey said.
"The really big question coming out of the survey is how to manage the risk that organisations run dealing with the complexity that is part and parcel of any medium-to-large sized company’s security operations," said Reuven Harrison, CTO and co-founder at Tufin.
"And when you factor in the issue that 60% of the DEF CON18 respondents said they had a day job in the corporate world, it’s clear that IT managers need to address the security shortcomings of their networks by remediating the network misconfiguration issue. Only by configuring their network resources correctly can companies hope to beat these security issues," he added.
There was some good news to come out of the survey however. Over half (58%) of respondents said that they did not believe outsourcing security to a third party increased the chances of getting hacked. In fact, almost half believe it would not increase the chances of any sort of security or compliance issue.
Content from our partners
"This disproves the commonly-held theory that the benefits of outsourcing security are cancelled out by an even greater set of risks. Security outsourcing has matured to the point where companies can confidently outsource parts or all of their security operations – especially when service providers offer automated tools to help with network management and configuration. With cloud computing approaching in the fast lane, this has to be good news," said Harrison.
Clients of security lifecycle management firm Tufin Technologies include Swisscom, O2, Sony and Santander.
