The one message from security experts that I’ve heard repeated throughout my security writing career is that network and IT security require a layered approach. You can’t use one security technique and expect that one thing to handle all of your security.
A new study from Rapid7 reiterates the need for layered security. The survey took responses from 600 IT pros and 96 percent of them said antivirus software is enabled on employee machines. (I admit my initial reaction to that statement was only 96 percent? AV software is as basic as security comes, so shouldn’t it be 100 percent?)
Rapid7 does point out that while the high rate of AV software installation is good, it is only the first step. According to a Forrester report, AV software catches only 20 to 30 percent of malware, and the Verizon 2013 Data Breach Investigations Report found that 71 percent of all attacks and breaches last year involved compromised end-user devices. AV software will have some positive effect, but it can’t be the only security option used in the enterprise.
Yet AV software appears to be the highlight of this survey when it comes to actively protecting the network. Only 82 percent of respondents are sure that their employees’ computers have the latest operating system patches installed. And another 80 percent require strong passwords and/or have passwords that need to be changed on a regular basis. While 90 percent of respondents say that they are able to block suspicious attachments, 54 percent of those surveyed either do not have code execution prevention controls enabled on users’ machines or do not know whether they do.
You may look at the numbers and think that most of the respondents are providing positive answers, but we know a lot more about security threats today than we did even a year or two ago. AV software is essential, but not installing patches leaves the network vulnerable to malware or a breach. So having nearly 20 percent of the surveyed IT pros either unsure whether their employees’ computers are being updated or aware that they aren’t is an unacceptable number. AV software won’t protect your network from an unpatched OS.
The survey didn’t focus on BYOD concerns, and that may be where the disconnect lies. But of course, that’s an issue that needs to be addressed with a solid BYOD security policy.
As Rapid7 says, an enterprise is only as secure as its weakest link. One unpatched computer or one unblocked email can end up doing a lot of damage to a network.