Majority of IT Security Pros Expect a Data Breach Within Six Months
A Lieberman Software survey also found that one third of organizations don't have a policy requiring default passwords to be changed.
According to the results of a survey conducted by Lieberman Software at the RSA Conference in February 2013, 73.3 percent of IT security professionals wouldn't be willing to bet $100 of their own money that their companies won't suffer a data breach within the next six months (h/t Infosecurity).
"These figures highlight the fact that IT security professionals realize that most organizations are woefully unprotected against cyber attacks," Lieberman Software president and CEO Philip Lieberman said in a statement. "While vendors of conventional security products -- like firewalls and anti-virus -- are constantly updating their tools to reactively protect against the latest threats, hackers are looking for flaws and engineering new attacks to exploit them. The reality is that 100 percent protection is nearly impossible to achieve, but there are still best practices for securing access to critical systems and data that many organizations tend to ignore."
The survey of almost 250 IT security pros, almost 50 percent of whom work at organizations with more than 1,000 employees, also found that 81.4 percent of IT security staff think employees tend to ignore the rules that IT departments put in place, 38.3 percent of IT security personnel have actually witnessed a colleague accessing company information that he or she should not have access to, and 32.3 percent of organizations don't have a policy requiring default passwords to be changed when deploying new hardware, applications and network appliances.
"Default privileged passwords are, in a sense, hidden backdoors onto systems that are deployed on a network. ... IT departments that do not have a solution in place to automatically detect, flag and change default privileged passwords on newly deployed systems are neglecting a very common security hole," Lieberman said.