Misconfigured networks account for more than three quarters of breaches. A survey found that a badly configured network is the main cause of network breaches because IT professionals "don’t know what to look for."
The survey, conducted by Tufin, also revealed that 18 percent of security experts believe misconfigured networks are the result of insufficient time or money for audits, while 14 percent felt that compliance audits that do not always capture security best practices are a factor. The CTO and co-founder of Tufin said: "The really big question coming out of the survey is how to manage the risk that organizations run dealing with the complexity that is part and parcel of any medium-to-large sized company’s security operations.
Reuven Harrison, CTO and co-founder of Tufin, said: “The really big question coming out of the survey is how to manage the risk that organisations run dealing with the complexity that is part and parcel of any medium-to-large sized company's security operations. “When you factor in the issue that 60 per cent of the respondents said they had a day job in the corporate world, it's clear that IT managers need to address the security shortcomings of their networks by remediating the network misconfiguration issue.
“Only by configuring their network resources correctly can companies hope to beat these security issues. With 75 per cent of respondents calling themselves hackers, network managers need to sit up and smell the coffee on the fact that network misconfiguration is now a primary security issue for their IT staff.”
Almost half of the respondents (43 percent) also claimed that planting a rogue member of staff inside a company was one of the most successful hacking methodologies. Harrison said: “This realisation is made worse when you consider that 57 per cent of the security professionals we surveyed classified themselves as a black or grey hat hacker, and 68 per cent of respondents admitted hacking just for fun. “With networks so easily penetrated, it's no surprise that 88 per cent believe the biggest threat to organisations lies inside the firewall.”
However, 58 percent of attendees said they did not believe outsourcing security to a third party increased the chances of getting hacked, and almost half the sample believe it would not increase the chances of any sort of security or compliance issue.