Cyber Security Institute

Tuesday, April 23, 2013

IT Professionals Say Employees Ignore Security Rules

There are best practices for securing access to critical systems and data that many organizations tend to ignore, the survey found. The vast majority (81.4 percent) of IT security staff think that employees tend to ignore the rules that IT departments put in place, according to a survey by identity management and security management specialist Lieberman Software. More than half (52.2 percent) of the same respondents said they believe that employees would not listen more even if IT directives came from executive management rather than IT. More than 70 percent of IT security professionals would not be willing to bet $100 of their own money that their companies will not suffer a data breach in the next six months.


“While vendors of conventional security products—like firewalls and antivirus—are constantly updating their tools to reactively protect against the latest threats, hackers are looking for flaws and engineering new attacks to exploit them,” Philip Lieberman, president and CEO of Lieberman Software, said in a statement. “The reality is that 100 percent protection is nearly impossible to achieve, but there are still best practices for securing access to critical systems and data that many organizations tend to ignore.”

Just over three-quarters (75.8 percent) of IT personnel said they think that employees in their organization have access to information that they don’t necessarily need to perform their jobs. While 38.3 percent of IT security personnel have witnessed a colleague access company information that he or she should not have access to, more than half (54.7 percent) of those respondents did not report their colleagues who accessed that information.

The survey also found 32.3 percent of IT security professionals work in organizations that do not have a policy to change default passwords when deploying new hardware, applications and network appliances to the network.

“IT departments that do not have a solution in place to automatically detect, flag and change default privileged passwords on newly deployed systems are neglecting a very common security hole,” Lieberman concluded.



Posted on 04/23