Failing The Basics Will Get You HackedFailing The Basics Will Get You Hacked
Information security firm Sophos evaluated 580 PCs over a 40-day period and found businesses of all sizes can't tackle even the most basic things when it comes to IT security.
June 22, 2008
Information security firm Sophos evaluated 580 PCs over a 40-day period and found businesses of all sizes can't tackle even the most basic things when it comes to IT security.While examining nearly 600 PCs during little more than a one-month period isn't a very large sampling, it's big enough for a taste of what's out there. And it's certainly not sweet.
The Sophos Endpoint Assessment Test gives systems a basic evaluation for things like missing patches, the state of client firewalls, and other security tests.
The bottom line: 81% of the endpoints failed one or more of those fundamental checks. That's fairly bad news considering that any of those conditions -- outdated patch level, firewall disabled, or out-of-date AV signatures -- can lead to a significant breach. But this test must have been targeting those unsophisticated SMBs, you say, and that's what tainted the results. Not so. Here's the demographic run down:
"39% of the end users were part of an organization with fewer than 100 users
36% were part of an organization size between 100 and 1,000 users
25% were from organizations larger than 1,000 users
And the evaluation ran in fairly IT savvy geographies, too:
North America represented 39% of the sample base, while the United Kingdom made up 36%, and Australia and Germany were 11% and 9%, respectively (5% being other countries).
Said Bill Emerick, VP of product management for network access control at Sophos: "We're holding up to the light an aspect of endpoint security that has long been evaded by IT departments -- the inability to properly assess and control baseline endpoint security requirements such as updated patches, enabled firewalls, and current anti-malware signatures updates. Ultimately, machines that fail such a test represent the low-hanging fruit for cybercriminals and a real danger to their corporate networks."
And that's one of the most accurate quotes I've read in a press release in a long time.
This blog was updated at 9:45 a.m. to correct a quote.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
2022 Insurance Industry Cyber Threat Landscape Report
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
2021 Banking and Financial Services Industry Cyber Threat Landscape Report