Smart Buyer

Are You Lying About Your Computer and Network Security Practices?

by Scott Roy Smith May 19, 2016

Our recent survey on hack preparedness got me wondering if IT administrators are being honest with themselves about their computer and network security practices. This comes to mind since we repeatedly hear that hackers had access to systems for weeks or months before they were discovered.

No doubt, the administrators of those systems thought they were doing a good job with their security practices, only to find out they missed something for an extended period of time. Are these cases of willful ignorance? Or worse, are security administrators deceiving themselves and their organizations about the efficacy of their security practices?

Certainly, your users can help detect a breach by reporting service outages or a vandalized website. But some of the most damaging hacks are not so obvious. With the NeweggBusiness survey data in hand, I decided to cross-check the responses to questions about fundamental security practices that might help reveal hacks and attempts.

Checking Logs Weekly… or Weakly?

Of course, checking logs is just one important method for detecting security breaches and attempted hacks. So, I wanted to see if there was a correlation between the admitted frequency of checking system and network logs and the acknowledged likelihood of detecting a security breach that wasn’t blatantly obvious.

63% check logs weekly or more often but 37% less often than weekly

How long do hackers need access to cause damage?

For survey respondents who believed they would certainly detect a systems breach that wasn’t readily apparent, nearly 63% indicated they review system and network logs weekly or more often. That means that another 37% checked their logs “weakly” (less often than once a week). Considering that the time elapsed between log checks might be periods of free rein for hackers, can we honestly say those security practices are adequate?

Of those who answered that they are not likely to detect a network breach, 73% indicated they rarely review system and network logs and another 11% said their review of logs was just above rarely. So it appears that they had a realistic view of what to expect as the outcome of not making review of logs a regular and frequent habit.

Acknowledging the Greatest Security Risk, Only to (Mostly) Ignore It

We asked what they believed their greatest source of security risk is. The number one choice, at 35%, was social engineering vulnerabilities. This indicates that most respondents felt that employees are the greatest security weakness they have to deal with—well beyond network vulnerabilities, which came in second at about 23%. While some systemic protections can be put in place to help protect against this risk, most experts will agree that training employees how to not become a point of security failure is the best threat deterrent.

Social engineering was identified as the number 1 risk but programs to manage it are minimal

Training programs to manage the number 1 risk: social engineering.

That being the case, I cross-tabulated those respondents who selected social engineering as their greatest threat with the earlier question about the status of their existing employee security awareness program. With so much concern about social vulnerabilities among respondents, I did not expect the result that 29% have no security education program and another 38% rely on security education sent to staff by e-mail. We will have to do another study to find out how many of those employees actually read and learn from the security e-mails.

I wondered if these respondents had few employees and thus felt they could justify the lack of a formal security awareness training program. When I ran the reports for respondents in organizations with more than 20 employees, I found that more than 32% had no security awareness program and another 38% relied on occasional security education e-mails sent to staff.

Of course, many of the survey respondents are probably not in a position to require a security training program. We do hope they are honest with themselves about this and recommend one to their bosses, though, since that is the current best way to manage the social engineering risk.

While the NeweggBusiness hack preparedness survey results revealed these interesting tidbits about self-reflexive views of computer and network security practices, there were other points we’ll be reporting on that are reassuring.

Flickr Photo by Tristan Schmurr.
Scott Roy Smith

A visionary and creative online media product manager with extensive experience in interactive multimedia and online product strategy, design, and development. Scott has spearheaded successful products such as webinars, blogs, and recording of entire conferences for immediate webcasting and podcasting. He was instrumental in rapid Web site traffic growth and sales growth of digital products.
