The survey, which was carried out at the RSA Conference in April 2018, asked respondents about the techniques they would use to hack an organisation and 34 percent revealed that would use social engineering, 23 percent said they would enter via insecure web applications, 21 percent said via mobile devices while a further 21 percent said they would enter via a public cloud. Survey respondents were also extremely confident in their attack vectors, with 71 percent saying they would be successful.
Commenting on the survey, Bob Egner, VP of Product at Outpost24, said: “Our study shows how confident IT professionals are that most of today’s organisations are not as secure as they might believe, and will be easy to attack. Hackers understand there are key areas of technology which organisations will often overlook in terms of cyber-security and they will target these weaknesses first. A comprehensive security posture covers the full stack - network infrastructure, cloud environments, applications, mobile devices and even people. The study also demonstrates that once again people are viewed as the weakest link, so it is important that security teams understand the critical role they play in educating their staff on cyber-security issues.”
The study also asked respondents about their use of commercial clouds, like Amazon Web Services and Microsoft Azure. Findings revealed that 75 percent of respondents use a commercial cloud to host their organisation’s data. When respondents were asked if they use the same security in their cloud environment as they do to their owned assets or data centres, 41 percent said they did, 38 percent said they didn’t use the same security, while 22 percent were not sure.
“What many of the IT professionals are clearly not aware of is the evolving security requirements for cloud compared to on-premise environments. Security in the cloud is more around configurations rather than perimeter controls, which means that the tools and techniques an organisation uses to secure its on-premise data will be different from the tools they use in the cloud. While some security vendors may recommend using traditional end-point security in the cloud, the reality is it won’t be as effective. Organisations should instead look to vendors that specialise in security in the cloud,” continued Egner.