Influence of Digitalization on IT Admins

A SaaS software business named SysKit has released a report on the impact of digital transformation on IT administrators and the present governance environment. According to the report, 40% of businesses experienced a data breach in the last year. This can have a serious impact on an organization's productivity and lead to costly fines, downtime, and the loss of clients and certifications that are essential to its operations.

The research, carried out in November, included 205 US IT managers who are in charge of overseeing the IT infrastructures of their firms, and it fairly depicts the target demographic. As per SysKit, improper zero trust and full trust implementation can result in data breaches. Based on the survey, 68% of respondents believe that the zero trust approach restricts the ability to collaborate, while 50% of respondents think that the full trust approach to governance is ideal.

The majority of IT administrators (82%) agree that non-technical staff who are resource owners must be more proactive in data reviews and workspace maintenance. Furthermore, when asked about specific IT governance skills, 50% of the respondents stated that non-tech employees do not know how to properly apply external sharing policies, 56% believed they did not know how to properly apply provisioning policies, and 30% stated that their coworkers are not taking care of their inactive content. According to SysKit, this lack of knowledge can result in data leaks, unchecked workspace sprawl, and higher storage expenses.

The survey also revealed that excessive workloads, a lack of comprehension from superiors, and a misalignment of IT and business strategy are among the main issues for IT administrators. As technology continues to develop, organizations will face new opportunities and difficulties. Future applications of AI-based technologies have not yet been defined since they are still in their initial stages. 

How Often do Developers Push Vulnerable Code?

In recent research, Synopsys stated that 48% of organizations deliberately push vulnerable code in their application security programs due to time constraints. The survey was published after a thorough investigation covering more than 400 U.S.-based developers who work at organizations that currently have CI/CD tools in place.

The survey report, named “Modern Application Development Security”, examined to what extent security teams understand modern development and deployment practices, and where security controls are required to lower the risk.

According to the survey, 60% of respondents mentioned that their production applications were exploited through OWASP Top 10 vulnerabilities in the past 12 months. 42% of developers push vulnerable code once per month.

The research stated that certain organizations knowingly push vulnerable code without a thorough understanding of the security risks that they are taking. Employees think that fixing the code does not fall within their responsibility in the face of the immense pressure.

Developers play a very important role in application security, but the report stated that they lack the skills and training. Nearly one-third (29%) of respondents said that developers within their organization lack the knowledge to mitigate issues identified by their current application security tools. Further, the report said that developers fix only 32% of known vulnerabilities.

The researchers have also given solutions to fix the vulnerabilities efficiently. A third of vulnerabilities are noise. To reduce false-positive vulnerabilities, scans must have access to all of the required data so that security tools can accurately determine whether a vulnerability exists. Reducing security noise will allow developers to address security issues confidently and on time.

Following the research, Tromzo CTO Harshit Chitalia said, “These findings show that developers regularly ignore security issues, but can we really blame them? Security teams are bombarding them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before…” 

“…If we want developers to truly implement security, we must make it easy for them. This means integrating contextual and automated security checks into the SDLC so we can transition from security gates to security guardrails,” he further added.

Two-Thirds of Organizations are Targets of at Least One Ransomware Attack

Many studies on cybersecurity issues are published every year, and Fortinet, a cybersecurity organization, recently published its 2021 Global State of Ransomware Report. The key finding of the report is that more than two-thirds of organizations have been targeted by at least one ransomware attack in recent years, which is why organizations are far more concerned about ransomware attacks than about other forms of cybercrime.

Before this report, a study showed that the number of ransomware victims grew by almost 100%, while 60% of the attacks were performed by only three ransomware groups – Conti, Avaddon, and REvil. However, the research also revealed that the majority of organizations are well prepared against ransomware attacks, with measures including risk assessment plans, employee cyber training, and cybersecurity insurance.

The research also discloses that companies were most focused on remote workers and devices. Their topmost priority regarding a ransomware attack was how to secure data from the attack. In addition, 84% of organizations reported having an incident response plan, and cybersecurity insurance was a part of 57% of those plans.

Regarding paying the ransom if attacked, the procedure for 49% was to pay the ransom outright, and for another 25% it depended on how expensive the ransom was. Along with this, one-third of organizations that paid the ransom got their data back.

John Maddison, EVP of products and CMO at Fortinet, said: “According to a recent FortiGuard Labs Global Threat Landscape report, ransomware grew 1070% year-over-year. Unsurprisingly, organizations cited the evolving threat landscape as one of the top challenges in preventing ransomware attacks…”

“…As evidenced by our ransomware survey, there is a huge opportunity for the adoption of technology solutions like segmentation, SD-WAN, ZTNA, as well as EDR, to help protect against the methods of access most commonly reported by respondents…” 

“…The high amount of attacks demonstrates the urgency for organizations to ensure their security addresses the latest ransomware attack techniques across networks, endpoints, and clouds. The good news is that organizations are recognizing the value of a platform approach to ransomware defense,” he added.

2011 Survey of IT Professionals about Insight Passwords

In 2011 Lieberman Software surveyed more than 300 IT professionals for their
insights into password practices and security outcomes. Portions of the survey
focused on the numbers of passwords in use, sharing of privileged passwords,
organizational security and other areas.

Survey respondents worked in organizations ranging from fewer than 100 to
more than 10,000 employees, with the largest portion of respondents (62%)
working in organizations that employ more than 10,000 individuals.

The following sections summarize survey results having to do with the attitudes
and outlook of IT personnel. Highlights include:

  • Fully 51% of respondents said they must remember 10 or more passwords for different systems and applications on their jobs.
  • 42% of IT professionals said that two or more IT staff in their organization share a password to access a system or application.
  • 48% of respondents said that in their organizations a privileged password for a system, network device or application goes unchanged for more than 90 days.
  • Nearly half of respondents – over 48% – said that they have worked at an organization whose network was breached by a hacker.

Check the Full Report Here:
http://www.liebsoft.com/uploadedFiles/wwwliebsoftcom/MARCOM/Press/Content/2011-Password-Survey.pdf