Are You an Overconfident IT Manager? - Web Security
Imagine you are looking for a new home and after a considerable amount of research and time you find the perfect place for your budget. As you settle in and begin to meet with your new neighbors you discover an alarming trend. Within the past 6 months about one in eight of the homes in the neighborhood experienced a major security issue such as armed break ins, cat burglars snatching information, or someone redirecting their mail to a foreign address. You wonder if these people are unlucky or have you moved into a bad neighborhood. When you share your findings with a friend they respond with "I'm sure you're fine! Just check the locks on the doors every 6 months."
You may find this illustration laughable but it reflects how some IT managers respond to their web security.
Recently IDG Connect, the world’s largest technology media company, produced a report on corporate web security and found some interesting findings. The study revealed that IT managers often operate with a baseless sense of optimism within a landscape dotted with threats. When asked about how they feel about their web security they responded: 0% not secure, 15% reasonably secure, 55% very secure, 19% totally secure, & 11% were not sure.
When comparing large companies against their mid-sized counterparts the study found that they tested for vulnerabilities on a monthly basis 53% of the time vs. 13%. Interestingly the study also found that rate of not testing at all was highly discouraging with the size of the business having little bearing on rate (Large 30% vs. Medium 34%).
IT Managers Speak Out
Of the IT Managers interviewed 13% stated they experienced a breach within the last 6 months. These threats include everything ranging from brute force attacks (59%) to content spoofing (18%). Despite the optimism of the 89% that their websites were reasonably to totally secure these security issues persist. Would they not try to better protect their home if 13% of the homes in their neighborhood had their locks picked every 6 months? Would they continue to eat at a local restaurant if 13% of the regular guests came down with food poisoning twice a year?
IDG provided a simple list of measures taken by IT Managers to improve their security. We will go into the specifics in the next installment. Here are the four main ways they improved their security in order of frequency:
- Improved SSL protection for all layers of their network.
- Improved security software to conduct automated scans for malware and accurately spot higher level threats.
- Improved firewalls to prevent breakins.
- Outsourcing web hosting to a secure provider.
If you want your confidence in your web security to be well founded then I recommend testing your website for vulnerabilities once a month at a minimum as well as ensure your security software is up to date and operates with minimal system interference. Symantec provides the most reliable and widest range of solutions to protect your network. The best network offense is a proactive defense.
For more information I recommend downloading the report: