IT Pros Worried About Security Breach Reporting
Almost 30 percent of those polled are not confident that their IT security staff can detect a cyber-attack attempting to breach their network.The vast majority (87 percent) of IT professionals believe large financial hacks are happening more often than reported, and right under the nose of security auditors, according to a survey of nearly 150 IT professionals conducted by Lieberman Software. Meanwhile, 71 percent of respondents think that an advanced persistent threat (APT) attack will attempt to breach their organization in the next six months. "There is a clear lack of visibility of the CEO and board of directors to the weaknesses and the inability of IT to manage risk and mitigate consequences to known outcomes," Philip Lieberman, president of Lieberman Software, told eWEEK. "From a leadership point of view, many … companies and government agencies [are being run] with a ticking time bomb and no ability to stop it or reduce the consequences of a breach. Not all of the blame lies with IT, but senior leadership of companies [is] not building in resiliency into their business operations when it comes to IT." The study also found that IT professionals (89 percent) believe the recently announced U.S. federal government cyber-security sanctions provide a deterrent to cyber-criminals.
"IT can build and operate workstations, servers and the cloud in a manner that service can be restored quickly. The common attack as well as the land and expand methods of intruders depend on moving within the network via stolen credentials," Lieberman said. "To minimize this consequence, companies must change the way they use privileged identities from the IT perspective—no use of domain admin accounts—and the removal of users having local administrator rights on their own machines."