More enterprises admit to intrusions, lack of best practices

A new survey says the computing systems of one in four medium or large companies have been compromised, and yet only half have taken standard precautions to prevent attacks.

SearchSecurity.com Staff

One in four enterprises admits its networks and servers have been compromised in the last two years. That number is far greater -- 40% -- for companies with 20,000 or more employees. Given how many also admit to not taking precautions beyond the bare minimum, the real shock may be that even more organizations weren't victimized.

"In the final quarter of 2005, it is somewhat surprising that only slighting more than half of enterprises indicated they have turned off nonsecure protocols like Telnet or FTP," commented Jeff P. VanDyke, president of Albuquerque, N.M.-based VanDyke Software Inc., in a prepared statement. VanDyke Software, which provides standard-based security software, commissioned the survey of 360 respondents conducted earlier this month by Amplitude Research Inc. of Boca Raton, Fla.

Download this free guide

UK IT Priorities 2018 survey results

Download this e-guide to discover the results of our 2018 UK IT Priorities survey, where IT leaders shared with us what they are going to be investing in over the coming 12 months.

Corporate E-mail Address:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

More than 50% of respondents at larger companies, which constituted almost half of those taking the survey, did say they now use automated scripts to perform security monitoring and update virus signatures to servers. Combined with those at companies with 1,000 or less employees, the following tactics were being used:

92.26% installed a network firewall

53.56% use a network analyzer (e.g., Microsoft Baseline Security Analyzer)

53.25% turn off nonsecure protocols like Telnet or FTP

51.70% installed an intrusion detection system

50.77% installed a user-based firewall

42.11% implemented WiFi security (WEP, WAP, proprietary like 3Com)

39.63% set up a DMZ

37.77% use a port scanner to locate out-of-policy services on the network

3.72% stated "other"

Another interesting highlight was where folks turned to learn about security best practices.

The top sources of information were security-related Web sites (69%); trade magazines (67.5%); training courses (53%); and conferences (50%). Also having in influence were newsletters, online discussion forums, books, local training courses through universities and user groups, USENET groups and security-related Web logs, or blogs.

Read more on IT for small and medium-sized enterprises (SME)

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.