Security Weaknesses and Defects Identified
Janco has reviewed the detailed results of 138 security audit programs and identified the top eight defects mentioned in the audit reports.
The CEO of Janco said, "We did not find a single company that had no security weaknesses or defects reported in their audit reports." The security weaknesses and defects Janco found were:
- Single-level verification used on sensitive data (53%);
- Public workstations connected into secure network (45%);
- Weak passwords on Wi-Network logon (37%);
- VPN not used by Work From Home employees (27%);
- Shared login used (25%);
- Client-side data validation only used for sensitive data (21%);
- Access point weak encryption (21%);
- Login not encrypted for sensitive data access (17%);
- Back-end encryption not utilized (12%);
- Server management encryption not utilized (6%).
The data was captured by reviewing the detailed findings of the audit reports. If there was a single occurrence of the defect, it was counted. Janulaitis added, "What was striking was that there are still over one quarter of all enterprises where users share logins. Interestingly, in those enterprises that utilize double levels of verification, the number of shared logins drops to a value that is not statistically significant."
Top Five Factors that Impact Security
Everyone talks about security, but it seems that security and data breaches are in the news more than ever. Janco has reviewed more than 100 instances of security and data breaches and found a number of core factors contributing to their occurrences:
- Data volumes and velocity of change are increasing at an exponential rate. In many companies, data is so voluminous, so disorganized and dispersed so frequently that IT departments aren't sufficiently staffed to implement standard security standards.
- IT departments are reactive, not proactive. IT departments tend to respond to problems after the fact rather than identifying solutions before a problem occurs, largely due to a lack of resources.
- Users do not want to change or add processes. There is a wariness toward deploying yet another set of rules and tasks to follow on each smartphone, desktop and laptop that might add procedures, hog processor cycles, require frequent updates and slow down users as they try to do their jobs.
- Complexity of security compliance. Devising and implementing a comprehensive, viable security policy may get in the way of traditional business practices, requiring the involvement of not just IT but also human resources, finance and legal teams, and business unit managers.
- Addressing 20% of the problem versus 80%. Many companies focus on intentional data leakage. In reality, though, most data leakage occurs when there is a lapse and simple, proactive steps (such as enciphering sensitive files on laptops and ensuring that only authorized individuals access sensitive information) could have prevented the problem in the first place.