IT pros -- the gatekeepers of company security policies -- are willing to bend the rules to get things done, according to Absolute Software, based on survey findings it released last week.
Forty-five percent of IT pros confessed they knowingly worked around their own security policies, according to the survey. Moreover, 33 percent admitted to hacking their own or another organization's systems.
Gatekeepers Become Gatecrashers
In addition, of some 500 IT and security pros in the United States participating in the survey, 46 percent said employees represent the greatest security risk to their organizations.
"They view the employees of their organizations as a threat because employees view security as an impediment. They view IT as an impediment," said Stephen Midgley, Absolute's vice president for global marketing.
That attitude is espoused commonly in security circles, but what isn't so commonly known is how many IT pros are willing to engage in behavior they condemn in others.
"What surprised us was that the gatekeepers of data security are often the gatecrashers when it comes to protecting data," Midgley told TechNewsWorld.
"If IT professionals can't be trusted to follow their own security policies, what hope is there for the rest of the employee base?" said Kunal Rupani, director of product marketing at Accellion.
"Unfortunately, there isn't an easy fix given the fact that, in many cases, shortcuts are taken for purposes of convenience and productivity," he told TechNewsWorld. "Employees will always look for quicker or more efficient ways to accomplish their daily tasks."
Taking Shortcuts
That's true of IT pros, too. "They choose the fastest path to get the job done," said Tom Clare, vice president for marketing at Gurucul.
"In the defense industry, you can spend up to an hour a day logging in and logging out with token authentication systems," he told TechNewsWorld.
"If you're in a high-pressure security or systems administrator's job and you're asked to do way too many things quickly, you're going to try to smooth things out and take shortcuts," Clare added.
There can be reasons other than cutting corners for security personnel to sidestep policies and hack into their own systems. "There are times that require they access their network or systems pretending to be a hacker," said Rick Kam, president of ID Experts.
Pen Testing
Security pros would have to hack their systems if they were doing penetration testing of their networks. "A lot of organizations have antiquated infrastructure, so they may be trying to penetrate their own systems to look for faults and holes that they can patch," Midgley explained.
"If there are vulnerabilities out there and there are holes in your security program somewhere, it's best to find them yourself, as opposed to having them exploited by a third party," said Rick Orloff, CSO of Code42.
However, "at no point should anyone be hacking any system or service that they don't own or control or have permission to hack," he told TechNewsWorld.
Rules may have to be bent on other occasions, too. "There may be other times in cases of emergency, such as when a network device or system goes down unexpectedly," Kam told TechNewsWorld.
"Other than that," he said, "IT management should ensure their IT professionals adhere to security protocols and procedures."
Abuse of Power
Nevertheless, it's not uncommon to find those with power in an organization creating security problems for it.
"Knowing what I do about the industry from the perspective of a security service provider, I can personally attest that IT and C-level people are likely to be the worst security nightmare for any company," said Pierluigi Stella, CTO of Network Box USA.
"C people think they're invincible and are usually arrogantly impatient. They demand special treatment and expect it without delay," he told TechNewsWorld.
"They fail to realize that they're often the target of hackers looking to steal corporate bank accounts or other valuable information," Stella said.
"Even worse is the situation with the IT people," he added. "I guarantee you if there are no controls, they'll abuse their power."
Generation Gap
The Absolute survey also found a generational difference in attitudes toward security. For example, among 18- to 44-year-olds, 41 percent were most likely to hack their own systems, compared with 12 percent for pros over 45.
Younger pros were also more optimistic about security. For instance, 92 percent of 18- to 44-year-olds were confident they could contain a data breach, compared with 79 percent of their older peers.
"It's a digital native versus digital immigrant thing," Absolute's Midgley said.
"Younger people have grown up with technology," he noted. "They are more adept at using technology. They look at technology in a different way than older people who have adopted technology during their career."