If you've ever wondered how your IT colleagues view the security of your organisation's network, you might be in for an unpleasant surprise. A recent survey of 300-plus IT professionals found "an overwhelming lack of confidence" when it came to network security. That's according to PhoneFactor Inc., a provider of phone-based authentication solutions, and the company behind the survey.
To be sure, given PhoneFactor's business, the company has an interest in promoting network security. Still, the magnitude of concern expressed by the security professionals may be telling - and is certainly a little frightening. More than half refused to bet on the likelihood that their networks wouldn't be breached in the coming year. More than two-thirds were either not confident or only somewhat confident that an unauthorised person couldn't access their networks. In fact, 84 percent said that it was possible an expert hacker could infiltrate their networks; nearly one-fourth said that an expert hacker "definitely" could gain access.
The primary reasons respondents gave for doubting their networks' security were malware, mentioned by 55 percent, and the use of personal devices to access company resources, cited by 45 percent.
In addition, just one-fourth of respondents were very confident they would know if their network had been breached.
Of course, CFOs and CIOs both have every reason to be concerned about security breaches. The cost of a data breach in the US runs about $200 per employee, according to the most recent information from Ponemon Institute. That includes the cost of detecting the breach, notifying those impacted and developing a response, as well as the opportunity cost of lost business.
PhoneFactor, perhaps not surprisingly, presents its out-of-band authentication solution as one way to reduce the risk of a security breach. (Out-of-band authentication refers to using a channel other than the browser - such as a text message sent via the phone network - to verify an individual's identity.)
While PhoneFactor again has an interest in promoting this type of solution, at least one independent source has indicated that out-of-band authentication can be a component of an effective security program. In its recent Supplement to Authentication in an Internet Banking Environment, the Federal Financial Institutions Examination Council includes out-of-band authentication as an effective control that can be included within a layered security program.