In a study of elite IT security professionals attending the Def Con 18 security event in Las Vegas recently, Tufin Technologies says that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit.
Commenting on the results of the survey, Reuven Harrison, Tufin's CTO, said he was surprised to find that 58% of respondents also viewed network misconfiguration as being caused by IT staffers not knowing what to look for when assessing the status of their network configurations.
The co-founder of the security lifecycle management specialist added that the results are notable because more than half the survey respondents actually work in corporate IT.
"The really big question coming out of the survey", he said, "is how to manage the risk that organizations run dealing with the complexity that is part and parcel of any medium-to-large sized company's security operations", he said.
Delving into the research, which took in responses of 100 IT security professionals at the Def Con security event, reveals that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits.
Fourteen percent, meanwhile, felt that compliance audits that don't always capture the fact that best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed also play a key role.
Automating configuration and security management is the best way forward to solving this problem, he claims.
And with an increasing number of self-described black (11%) and gray hat (46%) hackers holding corporate security positions, Harrison adds that the focus has overwhelmingly been on how easily we can break things – less than 30% of the sample is motivated by the desire to actually fix broken systems.
"When you factor in the issue that 60% of the respondents said they had a day job in the corporate world, it's clear that IT managers need to address the security shortcomings of their networks by remediating the network misconfiguration issue. Only by configuring their network resources correctly can companies hope to beat these security issues", he explained.
Infosecurity notes that 75% of respondents to the survey called themselves hackers, so Harrison says that network managers need to wake up to the fact that network misconfiguration is now a primary security issue for their IT staff.