Failing The Basics Will Get You Hacked
Information security firm Sophos evaluated 580 PCs over a 40-day period and found businesses of all sizes can't tackle even the most basic things when it comes to IT security.
June 22, 2008
While examining nearly 600 PCs during little more than a one-month period isn't a very large sampling, it's big enough for a taste of what's out there. And it's certainly not sweet.
The Sophos Endpoint Assessment Test gives systems a basic evaluation for things like missing patches, the state of client firewalls, and other security tests.
The bottom line: 81% of the endpoints failed one or more of those fundamental checks. That's fairly bad news considering that any of those conditions -- outdated patch level, firewall disabled, or out-of-date AV signatures -- can lead to a significant breach. But this test must have been targeting those unsophisticated SMBs, you say, and that's what tainted the results. Not so. Here's the demographic rundown:
"39% of the end users were part of an organization with fewer than 100 users
36% were part of an organization size between 100 and 1,000 users
25% were from organizations larger than 1,000 users"
And the evaluation ran in fairly IT-savvy geographies, too:
North America represented 39% of the sample base, while the United Kingdom made up 36%, and Australia and Germany were 11% and 9%, respectively (5% being other countries).
Said Bill Emerick, VP of product management for network access control at Sophos: "We're holding up to the light an aspect of endpoint security that has long been evaded by IT departments -- the inability to properly assess and control baseline endpoint security requirements such as updated patches, enabled firewalls, and current anti-malware signature updates. Ultimately, machines that fail such a test represent the low-hanging fruit for cybercriminals and a real danger to their corporate networks."
And that's one of the most accurate quotes I've read in a press release in a long time.
This blog was updated at 9:45 a.m. to correct a quote.