10% of IT professionals cheat on IT audits

The survey - which took in responses from 242 IT professionals mainly in organisations with 1000 - 5000 employees - found that the number of 'IT audit cheats' had actually halved since the previous survey a year ago.

According to Tufin Technologies, the sponsor of the study, the professionals that admitted to cheating on their IT audits cited a lack of time and resources as the main reason for their actions.

The security lifecycle management firm, added that with 25% responding that their firewall audits take a week to conduct, attempting to avoid this painful process is understandable, if not excusable.

What's more, says Tufin, 7% of respondents admitted to never conducting an audit. With this in mind, the company says it is less surprising to find that 36% of IT professionals admit their firewall rule bases are a mess, so increasing their susceptibility to hackers, network crashes and compliance violations.

Commenting on the result of the survey, Michael Hamelin, Tufin's chief security architect, said: "It is a cause for concern that so many companies are only conducting audits sporadically and are admitting that their firewalls are in a mess."

"The consequences of a firewall with rules that are out of sync leave networks open to exploitation. Without the right automation tools, managing firewalls is complicated and time consuming, making it very tempting for IT professionals to cheat to get their audit passed. But in the long run it will only cause more problems", he added.

What’s Hot on Infosecurity Magazine?