Misconfigured networks account for more than three quarters of breaches.
A survey of security professionals found that a badly configured network is the main cause of network breaches because IT ‘don't know what to look for'. The survey, conducted by Tufin, also revealed that 18 per cent of professionals believe that misconfigured networks are the result of insufficient time or money for audits, while 14 per cent felt that compliance audits that do not always capture security best practices are a factor.
Reuven Harrison, CTO and co-founder of Tufin, said: “The really big question coming out of the survey is how to manage the risk that organisations run dealing with the complexity that is part and parcel of any medium-to-large sized company's security operations.
“When you factor in the issue that 60 per cent of the respondents said they had a day job in the corporate world, it's clear that IT managers need to address the security shortcomings of their networks by remediating the network misconfiguration issue.
“Only by configuring their network resources correctly can companies hope to beat these security issues. With 75 per cent of respondents calling themselves hackers, network managers need to sit up and smell the coffee on the fact that network misconfiguration is now a primary security issue for their IT staff.”
Almost half of the respondents (43 per cent) also claimed that planting a rogue member of staff inside a company was one of the most successful hacking methodologies.
Harrison said: “This realisation is made worse when you consider that 57 per cent of the security professionals we surveyed classified themselves as a black or grey hat hacker, and 68 per cent of respondents admitted hacking just for fun.
“With networks so easily penetrated, it's no surprise that 88 per cent believe the biggest threat to organisations lies inside the firewall.”
However, 58 per cent of attendees said they did not believe outsourcing security to a third party increased the chances of getting hacked, and almost half the sample believe it would not increase the chances of any sort of security or compliance issue.
“This disproves the commonly-held theory that the benefits of outsourcing security are cancelled out by an even greater set of risks. Security outsourcing has matured to the point where companies can confidently outsource parts or all of their security operations - especially when service providers offer automated tools to help with network management and configuration. With cloud computing approaching in the fast lane, this has to be good news,” said Harrison.