No? Well, neither would 70% of IT security professionals, according to our recent survey of nearly 250 attendees at RSA Conference 2013.
And it’s really no wonder. Although the people we surveyed are certainly hard-working, dedicated professionals, as IT security personnel they’re also the very people who would best understand if their organizations are dangerously unprotected against the wave of new and emerging cyber attacks.
And nearly half of our respondents work in organizations with more than 1,000 employees – the types of places that nearly always have established, funded and large IT departments. The types of places that most people probably assume to be well protected against data breaches.
So why the pessimistic attitude among IT security folks? One assumption is that they realize that vendors of traditional security tools like firewalls and anti-virus are in an almost constant state of catch-up, updating their products to reactively protect against yesterday’s threats. Meanwhile, hackers, rogue nation states and others are looking for new flaws which they can exploit in tomorrow’s attacks.
Of course the reality of today’s large and complex enterprises means that 100% security, 100% of the time is nearly impossible to achieve. Despite that, there are still some best practices for securing access to critical systems and data that many organizations continue to ignore.
The Default Password Backdoor
For example, here’s another interesting nugget I gleaned from the survey – one third of IT security pros work in organizations that do not have a policy for changing default passwords when deploying new hardware, applications and appliances to the network. Quite frankly, this is a dangerous oversight.
Default passwords should be thought of as hidden backdoors on systems. Most default passwords are publicly known – or can at least be found online without much effort. That means anyone with malicious intent can log in with default credentials and gain anonymous access to systems and applications throughout the enterprise.
Default passwords seem like an obvious security hole for attackers to exploit. Yet, according to our survey results at least, leaving them in place is a common problem.
Learn more about our survey at www.liebsoft.com/2013_information_security_survey.
Our survey sampled one segment of people at one trade show. So what do IdentityWeek readers think? Would you bet $100 of your own money that your organization won’t suffer a data breach in the next 6 months? Leave a comment below.