Study Uncovers Common Policy Mistakes Leading To IT Security Vulnerabilities

Kaspersky Lab UK : 07 July, 2011  (Technical Article)
Organisations are putting their IT resources at risk through flawed security policies as detailed in a study released by Kaspersky Lab

A study conducted for Kaspersky Lab by its Global Emergency Response Team, a consulting service for the company’s corporate users, looks into the main IT security policy mistakes that can put an organisation at risk.


Shared access to files is the main cause of incidents - The biggest mistake a business can make is to ignore network share access rights, proven by the fact that it is responsible for 35 per cent of all incidents. For example, there might be open sharing with access rights configured as ‘full access’ to everyone on an internal file server or end-user work desktop such as a shared public document workspace, where all documents are stored. Sooner or later this can become a prominent source of malware redistribution throughout the organisation.


Missing one single patch on a network - Modern malware takes advantage of existing vulnerabilities, and organisations are not always prepared. A network with just a single missing patch can be put at serious risk, and this is a common issue seen mostly in small to medium organisations with fewer than 500 end users. These organisations either do not have enough expertise, or ignore patching completely. This mistake is responsible for 25 per cent of incidents.


Use of multiple vendor anti-malware solutions - Using multiple vendor anti-malware solutions may lead to a situation where it is hard to mitigate malware attacks, and is responsible for 15 per cent of incidents. This may occur if one of the vendors does not respond fast enough to attacks. Delays in responses may run to days, weeks or even months. During this time the solution of another vendor would detect and remove malware, but only in its part of the network – and malware would attack it from the unprotected side. Alexey Polyakov, head of the Global Emergency Response Team at Kaspersky Lab, said: “From our experience we see that security admin spends a lot of time working with multiple vendors’ support services in finding and fixing a problem.”


Partial protection - A partially protected environment (responsible for 15 per cent of incidents) is where an anti-malware solution is installed on part of the network, leaving other resources unprotected.


Firmware vulnerability in need of patching - Firmware vulnerabilities (responsible for 5 per cent of incidents) may be exploited by attackers if security admins forget to monitor hardware devices, such as routers, firewalls and other network appliances, to see if they need patching.


Website downloads - Another relatively infrequent mistake (also 5 per cent of incidents) is to believe that software downloaded from the Web is always perfectly sound software.


How to deal with these mistakes and what to remember when designing a corporate IT security policy can be found in Alexey Polyakov’s presentation entitled ‘Corporate Incidents: Lessons Learned. Common and Avoidable Security Policy Mistakes for IT Management’.
