Risk

12/14/2007
09:34 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Survey: 40 Percent Of You Still Think Your Networks Are Insecure (And You're Probably Right)

And most of the rest of you continue to leave endpoints unguarded, according to a new survey of small and midsize businesses.

And most of the rest of you continue to leave endpoints unguarded, according to a new survey of small and midsize businesses.The survey from networking software developer GFI polled 455 IT execs from small and midsize businesses.

Among the most notable -- though least surprising -- findings was that while 42 percent of the respondents worried that their networks remained vulnerable, well over 90 percent had anti-virus software and firewalls deployed. 80 percent are using spam filters, though less than 20 percent had endpoint security solutions in-place.

That last is in line with the even small number -- 7 percent -- of you who are concerned about insider threats, and the threats posed by portable storage devices.

Which leads to the conclusion that the 42 percent insecurity finding -- as GFI points out -- may have less to do with the actual security of the networks than the growing perception that no amount of protection can actually deliver unbreachable security.

True enough -- as true in the digital age as it's been in every other age: there is no real security this side of the grave, the old saying goes.

But it's also true enough that deploying some aspects of a broad and robust multi-faceted security strategy while leaving others essentially ignored is a formula for problems, possibly, um, grave ones.

No wonder more than half of the respondents wanted more employee education on security issues, and a quarter wished their management better understood the nature of the security challenge. Presumably a better educated management would be more willing to spend the money needed to address all of danger-points, not just the most obvious ones.

Take a look at the entire survey here.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6411
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.