Risk
12/14/2007
09:34 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Survey: 40 Percent Of You Still Think Your Networks Are Insecure (And You're Probably Right)

And most of the rest of you continue to leave endpoints unguarded, according to a new survey of small and midsize businesses.

And most of the rest of you continue to leave endpoints unguarded, according to a new survey of small and midsize businesses.The survey from networking software developer GFI polled 455 IT execs from small and midsize businesses.

Among the most notable -- though least surprising -- findings was that while 42 percent of the respondents worried that their networks remained vulnerable, well over 90 percent had anti-virus software and firewalls deployed. 80 percent are using spam filters, though less than 20 percent had endpoint security solutions in-place.

That last is in line with the even small number -- 7 percent -- of you who are concerned about insider threats, and the threats posed by portable storage devices.

Which leads to the conclusion that the 42 percent insecurity finding -- as GFI points out -- may have less to do with the actual security of the networks than the growing perception that no amount of protection can actually deliver unbreachable security.

True enough -- as true in the digital age as it's been in every other age: there is no real security this side of the grave, the old saying goes.

But it's also true enough that deploying some aspects of a broad and robust multi-faceted security strategy while leaving others essentially ignored is a formula for problems, possibly, um, grave ones.

No wonder more than half of the respondents wanted more employee education on security issues, and a quarter wished their management better understood the nature of the security challenge. Presumably a better educated management would be more willing to spend the money needed to address all of danger-points, not just the most obvious ones.

Take a look at the entire survey here.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8802
Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

CVE-2014-9623
Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9638
Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639
Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640
Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.