Network defense technology needs to be updated to be able to stand against modern security incidents

Apr 20, 2015 12:01 GMT  ·  By
Company employees believed to be at fault for most cyber intrusions
3 photos
   Company employees believed to be at fault for most cyber intrusions

A recent study commissioned by a network security company revealed that compromised assets belonging to company employees coupled with various security mistakes they made were the main cause for damage to information security.

During the experiment, at least 95 IT professionals from an undisclosed number of organizations responded to the queries.

It was conducted by research organization TechValidate at the request of Cryptzone, a firm that provides dynamic, context-aware security solutions to protect assets considered critical (services, applications and content) for a business.

User behavior exploited by threat actors

One of the findings of the study was that one of the main causes for most security-related damage in a company during the past year was inadequate employee behavior both at the workplace as well as outside it.

Attacks on a company are often perpetrated by outsiders, who prey on vulnerabilities they can exploit to get inside access. External malicious actions accounted for a large number of incidents (45%).

However, 60% of 95 IT professionals questioned about this matter blamed user mistakes or accidents for security incidents occurring in the past 12 months. In 28% of the cases, the response was that compromised personal user accounts were used for the attacks, and 14% were pinned on compromised personal devices used at work (BYOD - bring your own device).

These findings are not different from what Intel Security discovered in a separate survey that involved 700 respondents, which highlighted that threat actors rely on social engineering to trick company employees into following malicious links leading or opening email attachments containing malware.

Cryptzone’s research also found that a company’s stance towards securing its digital assets also played an important part in successful cyber attacks, as the study reveals that professionals said that open network access to authenticated users was responsible for 21% of the incidents.

Outdated technology present at most of the surveyed organizations

Moreover, much of the network access control (NAC) technology used to protect the network was outdated, more than half of the surveyed companies relying on NACs that were more than three years old. In 11% of the cases, the technology used was from at least ten years ago.

Out of the 117 IT professionals that provided answers about this, only 11% said that their organizations used modern tools, such as intrusion prevention systems (IPS), next generation firewalls, vulnerability assessment mechanisms and identity management solutions, that were six months old or less.

This state of insecurity is also due to the fact that despite the overall growth of security incidents the budget allotted to defending the company’s assets did not increase in most of the cases (45%), with 21% of the respondents expecting such a course in the next year.

"The cyber attacks we have seen over the last few years, have demonstrated that it’s far too easy for hackers to steal user credentials, and then use those credentials to traverse the enterprise network in search of the most valuable data. Organizations need to accept that outdated access control technologies are not working against today’s sophisticated adversaries," says Kurt Mueffelmann, president and CEO at Cryptzone.

Photo Gallery (3 Images)

Company employees believed to be at fault for most cyber intrusions
Most surveyed companies rely on outdated network access controlsBudget for strengthening security is not a company priority
Open gallery