End point security which is a key component in the information security defences of organisations, is being totally overlooked by a significant number of organisations, according to a survey released today by Secure Computing Corporation. A fifth of organisations do not have any form of end point security which means that their corporate networks and data are potentially exposed to hackers and criminals who can access sensitive information from unprotected access points.
In addition 49% of organisations do not even use desktop firewalls for end point security, this is the most basic and fundamental level of security that should be deployed to prevent unauthorised access to sensitive information.
Protecting the operating system by ensuring it has the latest available patches installed is a further area that needs improvement with over a third (37%) of organisations not keeping their operating systems up-to-date.
Anti virus software which is one of the most fundamental IT security defences is not used at the end points of 20% of organisations, which is a shocking statistic given that the survey was carried out amongst 227 information security professionals at Infosecurity Europe 2006.
The survey questioned further on views about identity and access management, 46% of organisations are very exposed as they are still only using passwords, 40% are now using hardware tokens, 10% are using smartcards and 5% biometrics, a few organisations (2%) are not using any access control. Nearly four out of ten (38%) security experts believe that two-factor authentication is now the solution to phishing and identity theft. It is well known that hackers use many effective tools to compromise users’ passwords. Such tools include sniffing, brute force attacks, dictionary attacks, personal information gathering, and social engineering (sneaky efforts to get someone to reveal their password). Hackers install keystroke-grabber software on public Internet terminals. Network sniffers steal passwords over wireless networks. Using these attacks, a password is just as vulnerable if it’s “johndoe” or “gIw$H1#5W.”
A third of respondents believe it takes at least 24 hours for a signature to be developed to protect against an exploit after it appears in the wild and a further 17% believe it takes a week. Hence the need for “zero hour’ defences that protects a network against unknown threats. Only 16% thought that it took an hour and 17% thought that it takes two hours. The majority of people (70%) do not believe that signature based security is sufficient in itself to protect an organisation. Unknown attacks are quickly becoming the next great information security challenge for today’s organizations. In the first half of 2005, over 10,800 new virus and worm variants were identified for the Win32 platform alone, representing an increase of 48% over the prior six-month period. As the window of time between the disclosure of a new vulnerability and the emergence of unique threats that operate against it continues to diminish, so does the effectiveness of many conventional countermeasures, including patch management.
“This survey has revealed that organisations still have a lot of work ahead of them to secure their information. Identity and access management is key to ensuring that people only have access to the information that they need and are authorised to use”, said Andy Philpott, Vice President, Secure Computing, EMEA. Philpott continued, “Identity and access management, Threat Management and Content Security Management, are essential to protect sensitive data held in trust by organisations and prevent identity theft. For an organisation to be secure in the current environment of increased cyber-crime, it must create a culture of security awareness in the people who have access to data. A security culture should be based on a strong security policy underpinned by “ease-of-use’ proven technology that protects against both known and unknown threats.”
Another key issue in defeating hackers is to protect the applications themselves but with nearly half (46%) of companies failing to keep their application patches up-to-date, it seems that organisations are not taking this threat seriously enough. When questioned on threat management a fifth of organisations do not have any “Application Layer Security’ which is essential to protect valuable data and financial transactions and a further fifth do not even know if they have any Application Layer Security. According to Andrew Yeomans from the Jericho Forum, “as business requirements drive us towards a de-perimeterised future, both application layer and end-point security become essential, since central protection is decreasing in effectiveness.”
When questioned on what they considered to be the elements necessary for complete content security management, Anti virus (78%) is judged to be the most the most important element closely followed by URL Filtering (75%) and Anti Spam (74%). Elements that are not considered to be as important to complete content security management are Content protection (59%), IM Filtering (54%), and SSL Scanning (53%).
According to Andy Philpott, “implementation of a complete SCM suite can help organisations by providing in-depth security against blended threats with efficient policy management that guarantees optimum security configuration. Also the new breed of SCM software and appliances are easy to install and deploy and use a single point of administration.”
A firewall (11%) is the most popular choice as the first line of defence against worms, malware, and phishing attacks, user education and awareness is the second choice at 9% and Anti Virus is 8%. The best form of defence that an organisation can put in place against worms, malware, and phishing attacks is a defence in depth approach which includes provision against both known and unknown forms of attack and incorporates best of breed solutions for content security management; identity and access management; threat management and data encryption. A security aware culture and user education also have an important part to play as technology can only go so far in defending organisations against hackers.
Philpott continued, “The new breed of Identity and Access Management appliances provide a reliable mechanism to enforce every end-point device adheres to corporate IT policy, including work PCs, laptops, home PCs, PDAs, servers, and workstations. Only properly configured, properly secured devices are granted access, making sure that system patches, anti-virus software, and firewall protection are all in place. Identity and Access Management technology offers total access control by applying a single security policy to all access methods, globally, which greatly simplifies rollout and enforcement.”