LONDON (ZDNet UK)The single biggest cause of network security breaches is not software bugs and unknown network vulnerabilities but user stupidity, according to a survey published by computer consultancy firm @Stake.
The security research company, which is best known for uncovering bugs in operating systems and network software, says that, despite the ever risk of computer fraud, many corporate computer users leave passwords on post-it notes, fail to change passwords from the default and incorrectly configure hardware.
Other security no-brainers include encrypting data, but leaving it on a machine in an unencrypted format or locking it with a blank password and failing to change system passwords during updates. The survey also discovered that some companies connect servers directly to the Internet, bypassing router firewalls.
The research shows that splashing out on the most costly security products can be a waste of time, according to Royal Hansen, practice director for @stake Europe.
"Expensive and elaborate security measures are often completely undone by a company's failure to enforce even the most simple precautions, opening up the entire corporate infrastructure to malicious attack," Hansen said.
Another survey, conducted recently by consultancy firm KPMG adds weight to that suggestion that the greatest threat to company data comes from within. KPMG suggests that the majority of computer fraudsters will already be an employee or will try to get inside a company.