Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

2/18/2016
05:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Absolute Survey: One-Third of IT Managers Admit to Hacking

Vancouver, Canada: February 18, 2016–Absolute® Software Corporation (TSX: ABT), the industry standard for persistent endpoint security and data risk management solutions, today announced the results of a research report the company conducted among IT managers and decision makers in the United States. The report provides insight into the attitudes, behavior, and confidence levels of IT departments when it comes to the security of their organizations.

The report revealed that a high percentage of IT personnel admitted to not following the same security protocols they are expected to enforce. Of those surveyed, 33% of respondents admitted to successfully hacking their own or another organization. The report also showed that 45% admitted to knowingly circumventing their own security policies.

“Given that IT is the security gatekeeper for an organization, it was alarming to see such high incidents of non-compliant behavior by IT personnel,” said Stephen Midgley, vice president, Global Marketing, Absolute. “Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring. It may also be worthwhile to consider third-party audits to ensure adherence with corporate security policies.”

The report found that security remains at the top of the IT spending list, with 87% of respondents expecting increased investment in security this year. Despite prioritizing security and increasing budgets, IT managers believe that employees or insiders represent the greatest security risk to an organization (46%). This may be related to the fact that on average, 33% of all security protocols are not being followed by staff. It may also explain the high number of security breaches, with 38% of respondents experiencing a data breach within the past year.

IT decision makers also bear the brunt of responsibility. Of those surveyed, 78% believe IT managers are primarily responsible for the organization’s security. The report also showed that 65% of IT decision makers believe they would likely lose their job in the event of a security breach.

"Despite marked improvements, businesses are still very susceptible to attack,” added Midgley. “The gaps in current data breach response plans and in upholding general best practice policies must be addressed.”

The age of the IT respondents also impacted the results, with younger professionals demonstrating a more optimistic and confident outlook for IT security.

 

Younger Professionals Demonstrate More Cavalier Behavior

·      Most likely to hack their own organization: IT professionals aged 18-44 (41%), IT professionals 45+ (12%)

·      Most confident in containing a data breach: IT professionals aged 18-44 (92%), IT professional 45+ (79%)

·      Most comfortable with staffing levels in order to provide effective IT and data security: IT professionals aged 18-44 (89%), IT professionals 45+ (75%)

 

To download the full report, please visit https://www.absolute.com/it-confidential

 

Methodology

The online survey was conducted from October 28, 2015 – November 11, 2015, among 501 U.S. adults age 18+ who met the following criteria:

·      Worked in an information security role and hold one of the following positions: IT Director/Executive, IT Manager, IT Administrator, IT Security, or Other IT / information security management role

·      Employed by a company with 50 or more employees

 

About Absolute

Absolute Software Corporation (TSX: ABT) is the industry standard in persistent endpoint security and data risk management solutions. Persistence® technology from Absolute provides organizations with visibility and control over all of their devices, regardless of user or location. If an Absolute client is removed from an endpoint, it will automatically reinstall so IT can secure each device and the sensitive data it contains. No other technology can do this. Persistence technology is embedded in the firmware of computers, netbooks, tablets and smartphones by global leaders, including Acer, ASUS, Dell, Fujitsu, HP, Lenovo, Microsoft, Panasonic, Samsung, and Toshiba, and the Company has reselling partnerships with these OEMs and others, including Apple. 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...