I recently had a conversation about security with the head of an organization we were presenting a support proposal to and he said "Oh, we're not worried about our security, our employees wouldn't do anything and besides we have a firewall to keep the bad guys out." Sadly, we hear that refrain much too often. It's kind of frightening really.
A recent survey of almost 250 IT security pros found that 73.3 percent would NOT be willing to bet $100 of their own money that their own companies won't suffer a data breach within the next six months.
It also found that 81.4 percent of IT security staff think employees tend to ignore the rules that IT departments put in place.
Also, 38.3 percent of IT security personnel have actually witnessed an employee accessing company information that he or she should not have access to.
Add to that the results of another study of data breachs that reported that over 60% of all documented data thefts or tampering in the U.S. were "inside jobs" perpetrated by either employees or sub-contractors that had access to the company network.
Is it any wonder that news of major data breaches is an almost daily event in the industry news?
Businesses should be in the practice of conducting annual security reviews and those reviews shouldn't be conducted by in-house staff. They're too close to the situation because they usually are the ones that built the system in the first place. An outside vendor that has experience in performing network security audits and conducting "White Hat" network penetration testing is your best bet for making sure your network is secure.
No comments:
Post a Comment