Little slips cause most security breaches

Summary:Even the most expensive security systems are rendered useless by simple user error--the single biggest cause of network attacks, according to one survey.

The single biggest cause of network security breaches is not software bugs and unknown network vulnerabilities but dumb moves by PC users, according to a survey published by computer consultant @Stake.

The security research company, which is best known for uncovering bugs in operating systems and network software, said that despite the risk of computer fraud, many corporate computer users leave passwords on paper notes, fail to change passwords from the default, and incorrectly configure hardware.

Other security no-brainers include encrypting data but leaving it on a machine in an unencrypted format or locking it with a blank password and failing to change system passwords during updates. The survey also discovered that some companies connect servers directly to the Internet, bypassing router firewalls.

The research shows that springing for the most costly security products can be a waste of money, according to Royal Hansen, practice director for @stake Europe.

"Expensive and elaborate security measures are often completely undone by a company's failure to enforce even the most simple precautions, opening up the entire corporate infrastructure to malicious attack," Hansen said.

Another survey, conducted recently by KPMG, adds weight to the suggestion that the greatest threat to company data comes from within. KPMG found that the majority of computer fraud is committed by employees trying to get inside information.

Staff writer Will Knight reported from London.

Topics: Security, Networking, PCs, Servers, United Kingdom

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.