Would You Bet $100 That You Won’t Suffer a Data Breach in the Next 6 Months?

Employees Deliberately Ignore IT Security Rules

No? Well neither would 70% of IT security professionals, according to our recent survey of nearly 250 attendees at RSA Conference 2013.

And it’s really no wonder. Although the people we surveyed are certainly hard-working, dedicated professionals, as IT security personnel they’re also the very people who would best understand if their organizations are dangerously unprotected against the wave of new and emerging cyber attacks.

And nearly half of our respondents work in organizations with more than 1,000 employees – the types of places that nearly always have established, funded and large IT departments. The types of places that most people probably assume to be well protected against data breaches.

So why the pessimistic attitude among IT security folks? One assumption is because they realize that vendors of traditional security tools like firewalls and anti-virus are in an almost constant state of catch up, updating their products to reactively protect against yesterday’s threats. Meanwhile hackers, rogue nation states and others are looking for new flaws which they can exploit in tomorrow’s attacks.

Of course the reality of today’s large and complex enterprises means that 100% security, 100% of the time is nearly impossible to achieve. Despite that, there are still some best practices for securing access to critical systems and data that many organizations continue to ignore.

The Default Password Backdoor

For example, here’s another interesting nugget I gleaned from the survey – one third of IT security pros work in organizations that do not have a policy for changing default passwords when deploying new hardware, applications and appliances to the network. Quite frankly, this is a dangerous oversight.

Default passwords should be thought of as hidden backdoors on systems. Most default passwords are publicly known – or can at least be found online without much effort. That means anyone with malicious intent can login with default credentials and gain anonymous access to systems and applications throughout the enterprise.

Default passwords seem like an obvious security hole to exploit. But, according to our survey results at least, it’s a common problem.

Learn more about our survey at www.liebsoft.com/2013_information_security_survey.

Our survey sampled one segment of people at one trade show. So what do IdentityWeek readers think? Would you bet $100 of your own money that your organization won’t suffer a data breach in the next 6 months? Leave a comment below.

1 Comment on "Would You Bet $100 That You Won’t Suffer a Data Breach in the Next 6 Months?"

  1. Angelo Spencer | May 17, 2013 at 4:22 pm | Reply

    This all goes back to the common theme of being an easy target. If you let attackers see you as the low hanging fruit, you’re just asking to become a statistic. This is the digital equivalent to walking down a dangerous street at night with your head down, shoulders slumped, avoiding eye contact, and having hundred dollar bills popping out of your pockets! We can’t make it easy for them. It’s important that we make them think twice about attacking us- and simple things like changing default passwords or patching our machines (automatic updates, anyone?) allow us to take advantage of that 80% result with only 20% effort!

Leave a comment

Your email address will not be published.


Time limit is exhausted. Please reload CAPTCHA.