71 percent of IT pros believe they can hack any organization
Using one of four common attack vectors, 71 percent of surveyed IT professionals believe they could successfully hack any organization.
Based on a survey carried out among attendees to the RSA Conference in April 2018 by vulnerability management specialist Outpost24, 34 percent say that they would use social engineering, 23 percent say they would enter via insecure web applications, 21 percent via mobile devices, while a further 21 percent say they would enter via a public cloud.
"Our study shows how confident IT professionals are that most of today's organizations are not as secure as they might believe, and will be easy to attack," says Bob Egner, VP of product at Outpost24. "Hackers understand there are key areas of technology which organizations will often overlook in terms of cyber-security and they will target these weaknesses first. A comprehensive security posture covers the full stack -- network infrastructure, cloud environments, applications, mobile devices and even people. The study also demonstrates that once again people are viewed as the weakest link, so it is important that security teams understand the critical role they play in educating their staff on cyber-security issues."
The survey also looked at respondents use of commercial clouds such as Amazon Web Services and Microsoft Azure. It reveals that 75 percent of respondents use a commercial cloud to host their organization's data. When asked if they use the same security in their cloud environment as they do to their owned assets or data centers, 41 percent say they do, 38 percent say they don't use the same security, and 22 percent were not sure.
"What many of the IT professionals are clearly not aware of is the evolving security requirements for cloud compared to on-premise environments." adds Egner. "Security in the cloud is more around configurations rather than perimeter controls, which means that the tools and techniques an organization uses to secure its on-premise data will be different from the tools they use in the cloud. While some security vendors may recommend using traditional end-point security in the cloud, the reality is it won't be as effective. Organizations should instead look to vendors that specialize in security in the cloud,"
You can find out more about the results in the full report available from the Outpost24 site.