IT security pros: Odds of secure network are slim to none
More than 70 percent of IT security pros wouldn't bet $100 that their companies will elude a data breach over the next six months, according to a new survey. (And that illustrates why this pack likes to gather in Las Vegas.) They understand the odds, and to them, there's no escaping the reality that end users make their organizations vulnerable by ignoring security rules, reports Nathan Eddy at eWeek.
IT isn't let off the hook in this survey, however. Many IT groups don't change default passwords when implementing a new system, and nearly a third of the respondents said their organizations have no policy for changing them, the study found.
"Most default passwords are publicly known and easily found online, meaning anyone with malicious intent can use these default credentials to gain anonymous access to systems and applications throughout the enterprise," said Philip Lieberman, president and CEO of Lieberman Software.
Sounds to me like a case of the preachers not practicing what they preach. If we could understand why IT security pros don't follow a simple best practice like changing default passwords on new systems, we could probably understand why end users ignore security rules too. Hmmm. I confess that I don't always change passwords as recommended because it always seems like I have something more pressing to do. And here I don't even work in IT.
- see Nathan Eddy's article at eWeek