Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

9/18/2015
10:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Nearly A Third Of IT Managers Could Be Persuaded To Be A Hacker For Two Thousand Dollars Or Less

Corporate Security Gets Less Airplay than Office Birthdays, Happy Hours and Kitchen Etiquette

Santa Clara, CA—September 15, 2015Centrify Corporation, the leader in securing identities from cyberthreats, today announced additional findings from its recent State of the Corporate Perimeter survey of more than 400 U.S. and UK IT decision makers (ITDMs) that aimed to find out if corporations are as secure as they need to be. While part one of the survey revealed dangerous gaps in protocols related to identity management that leave companies vulnerable to attack, part two spotlights some of the psychological realities businesses must consider in their approach to securing assets.

Most notably, in the U.S., 24 percent of respondents hear more about office happy hours than they do about security. 22 percent hear more about office birthdays and 18 percent hear more about kitchen etiquette. In the UK, those percentages are 17, 18 and 17, respectively.

Separately, when asked if they could break in anywhere and get away with it, these were the most popular answers:

·         The White House

·         David Cameron’s private email

·         Facebook

·         Apple

·         Bill Gates

·         My bank

·         Walmart

·         Papa John’s Pizza

 

If bank, government and social media databases seem lofty and theoretical, a twist in survey results came in how little money it would cost to persuade an ITDM to become a hacker. When asked if they would become a hacker for $2,000 or less, 28 percent of U.S. respondents and 14 percent of UK respondents said yes.

“The real enemy here is lack of concern,” said Bill Mann, chief product officer of Centrify. “The technology exists, but the will does not. Many companies do not make this realization until their names get splashed across headlines. But even if a company is not famous, one data leak can bring an entire business to a permanent halt. Furthermore, now that today’s corporate perimeter has nothing to do with physical headquarters and contains data that resides in the cloud and on the numerous devices used in the field, it’s our hope that parts one and two of the Centrify State of the Corporate Perimeter survey convince IT decision makers to take steps now to secure their assets before hackers find holes and exploit them.”

For more survey findings or to view the full results, please visit www.centrify.com/identity-survey/

For more information about Centrify’s award-winning identity management platforms, please visit http://www.centrify.com.

About Centrify

Centrify strengthens enterprise security by managing and securing identities from cyberthreats. As organizations expand IT resources and teams beyond their premises, identity is becoming the new security perimeter. With our platform of integrated software and cloud-based services, Centrify uniquely secures and unifies identity for both privileged and end users across today’s hybrid IT world of cloud, mobile and data center. The result is stronger security and compliance, improved business agility and enhanced user productivity through single sign-on. Over 5000 customers, including half of the Fortune 50 and over 80 federal agencies, leverage Centrify to secure identities. Learn more at www.centrify.com.

 

###

Centrify is a registered trademark and Centrify Server Suite and Centrify Identity Service are trademarks of Centrify Corporation in the United States and other countries.  All other trademarks are the property of their respective owners.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7121
PUBLISHED: 2020-09-23
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to f...
CVE-2020-7122
PUBLISHED: 2020-09-23
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmwar...
CVE-2020-10687
PUBLISHED: 2020-09-23
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS att...
CVE-2020-10714
PUBLISHED: 2020-09-23
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2020-14365
PUBLISHED: 2020-09-23
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw le...