|
70 Percent of SMEs Enter 2009 With Networks at Risk of Security Breach
(Marketwire Via Acquire Media NewsEdge) SEATTLE, WA, December 3 / MARKET WIRE/ --
Napera Networks (www.napera.com) today issued
the results of an online Network Test (www.napera.com/products_test.php)
that asked 200 small and medium-sized enterprises (SME) a series of
questions to determine if their corporate networks are actually secure and
protected from potential threats. The results are in, and the answer is
overwhelmingly "no," with more than half reporting they either do not have
the policies, practices and solutions needed or are not able to enforce
security policies and are at risk of having their network or data
compromised.
The primary security issues revealed from the test were: computers not
kept up to date, Wi-Fi security and encryption practices, unknown threats
from mobile workers and laptops, an increased need to provide guest access,
and an overall lack of policy governing endpoint security. The inability of
companies to deal with these issues led to 70 percent of the respondents
receiving scores showing medium to high security risks to their networks.
Key statistics and trends revealed from this study include:
-- 57 percent of IT managers are not confident that their organization
knows the state of every endpoint that connects to their network.
-- More than 50 percent of companies are using shared passwords or no
encryption at all on Wi-Fi access points.
-- Only 29 percent of companies check to make sure computers are up to
date and patched before allowing traveling or remote employees to access
the network when they return to the office.
-- More than 50 percent of companies surveyed have guests accessing the
network every day, with 20 percent allowing non-employees to plug directly
into the network without security check or controls.
-- 31 percent of companies do not know the identity of every user on
their network.
"This data highlights why so many companies are struggling to control
security on their networks despite having invested heavily in traditional
security solutions. Many of the respondents do not have the right policies
in place to secure their networks from today's most common threats, and
those that do have policies generally lack a way to monitor and enforce
them. The genesis for starting Napera was talking to IT managers who
described exactly this set of conditions, which inspired us to create a
line of products to help SMEs take control of their networks and create a
more secure environment," said Todd Hooper, CEO of Napera Networks.
Keeping Computers Up to Date is Greatest Threat
Taking advantage of vulnerabilities in the operating system remains a
popular threat; however, many users are not taking the time to download
updates to protect their systems from attacks, thereby putting corporate
data and the network at risk. More than half of the respondents admitted
that computers on the network do not have the needed updates to the OS or
required it based on internal security policy but had no way of knowing
whether the computers actually were being updated. While the majority
believed all laptops had updated anti-malware solutions activated, a large
percentage did not have them activated or have no way of checking to see if
they are actually enabled or updated. Setting the policies is an important
step, but it is critical that there is a means to validate that users'
laptops are up to date before they gain access to network resources.
Guest Access on the Rise and the Next Big Threat
Many companies still do not have set policies or a secure way to manage or
control guest access to the Internet, even though customers, contractors or
other partners often need access for business purposes. When asked what
companies do when a guest needs Internet access while at their office, 20
percent allowed them to connect to the network directly without any
security checks, exposing their networks to potential threats from unknown
laptops/computers. In addition, 16 percent of companies allowed guests to
connect to their printers to print documents, also without security or set
policies in place, providing another channel for potential security
threats. During times of economic downturn, outsourcing is more prevalent
for all businesses, making the requirement to provide secure guest access
critical to productivity. However, companies should not sacrifice security
in order to gain the benefit of using contractors.
Wireless Encryption and Security is a Big Issue
Wireless network security represented one of the highest risk categories.
While 80 percent had active Wi-Fi access points in their networks, only 26
percent were using WPA Enterprise with individual passwords, which provides
the greatest level of security. Nearly half, or 46 percent, used a single,
shared password for wireless access, with an additional 6 percent using no
encryption at all, leaving their wireless access point open for anyone to
access. While a shared password with WEP or WPA-based wireless access
points is the standard in residential applications, deploying shared
passwords in a commercial environment poses a clear threat to a company's
network and data. In a recent report, Gartner security analysts addressed
increased risks to WPA-based access points, including threats posed by
hackers that have targeted and cracked the Temporary Key Integrity Protocol
(TKIP) in WPA, and recommend shifting wireless access points to WPA
Enterprise. (Source: Consider Shift to WPA2; John Pescatore and John
Girard, November 10, 2008, ID#G00163108).
Workforce Mobility Exposes 70 Percent of Companies to Unknown Threats
Mobile working has become the norm for the majority of SMEs as many
employees travel for work, take laptops home at night, or telework part of
the week. Almost half of respondents indicated their workforce is mobile.
When asked what companies let employees do with these laptops when
traveling or remote employees return to the office, two-thirds of
respondents do not check mobile users or computers for compliance before
they connect to the corporate network, bringing unknown threats with them.
The need to accommodate a growing mobile workforce is apparent, as is the
need to ensure that these mobile users do not compromise a company's
network.
Fifty-Seven Percent Lack Confidence that Every Endpoint is Secure
In spite of security solutions in place, many organizations are still not
sure whether computers accessing the network are really secure. Fifty-seven
percent of respondents indicated they are only somewhat confident or not
confident in the state of every endpoint that connects to their network,
while 42 percent said their company does not have a clear security policy
governing endpoint security. For example, a personal firewall is a basic
security technology on all computers, but there are many companies still
not requiring this or enforcing users to turn the firewall on, and many
users will turn this off in spite of policies requiring it. While 50
percent of respondents indicated they are confident that every laptop
connected to their network has a personal firewall enabled, 29 percent said
they were not confident, and 21 percent said they require it, but don't
know if all computers are enabled. Without a means to monitor that every
endpoint is secure, companies face a number of potential threats that they
may not even know how to protect against.
About Napera Networks
Napera Networks helps small and medium-sized enterprises succeed at network
security. Napera offers a line of integrated network access control
products and Web services that ensure only healthy computers and authorized
users access the network. With Napera, IT professionals can confidently
allow worker mobility, wireless networking, and guest Internet and printer
access, while keeping the network safe and secure. Napera is the only
network access control solution that is purpose-built for the SME but with
enterprise-class performance and security. For more information, go to
www.napera.com.
Contact:
Michele Mehl for Napera
425-205-9444Michele@buzzbuilders.net
Copyright ? 2008 Marketwire
[ Back To TMCnet.com's Homepage ]
|
INDUSTRIES
Activate Email 
Find Solutions for Enterprises, SMBs & Service Providers at the INTERNET TELEPHONY Conference and EXPO East, January 20-22, 2010. Miami, FL.
