Application Security

8/29/2018
05:00 PM
100%
0%

IT Professionals Think They're Better Than Their Security

More than half of professionals think they have a good shot at a successful insider attack.

Computer professionals may think their enterprise security is good, but they think their skills are better. In fact, almost half think they could pull off a successful insider attack, according to a new report by Imperva.

Indeed, 43% of the 179 IT professionals surveyed said they could successfully attack their own organizations, while another 22% said they would have at least a 50/50 chance at success.

When it came to the attack surface, only 23% said they would use their company-owned laptops to steal information, while nearly 40% said their personal equipment would be the chosen avenue of attack.

This information is most worrisome, according to the report, in light of Verizon's "2018 Data Breach Investigations Report," which found nearly 60% of all attacks take months to detect and days more to begin mitigation efforts after discovery.

Read here for more.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jamessusan
50%
50%
jamessusan,
User Rank: Apprentice
9/6/2018 | 3:42:49 AM
Re: Horrible idea
Programming engineers comprehend everything about the issues they tackle, an assignment service the arrangements they give, the restrictions of those arrangements, their protection suggestions, and their security suggestions. 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/5/2018 | 9:29:26 AM
Horrible idea
The ultimate insider - IT staffers and for this survey to indicate that a large percentage think they could do it, well it ain't far from that to WOULD do it or HAVE DONE and they ain't caught me yet.  Why would they do that?  Let us call in the H1-B visa issue, lost jobs, poor wages, train your replacement.  No respect by management so that can be a big motivator to do damage JUST for the hell of it.   But to be in a career position of power and think so is a vast betrayal of our roles, security ethics.  
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15769
PUBLISHED: 2018-11-16
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is...
CVE-2018-18955
PUBLISHED: 2018-11-16
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resour...
CVE-2018-19311
PUBLISHED: 2018-11-16
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19312
PUBLISHED: 2018-11-16
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19318
PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.