IT pros lack confidence about business security

Would you bet money on the security of your company's systems? If your answer is no, you're far from alone. Most IT professionals lack so much confidence in the security of their organisations' networks that they wouldn't bet on it, according to the results of a recent survey.

The survey data speaks to both the inadequacies of corporate security measures and to the persistence of ever-growing security threats.

When asked to bet money that their networks would not be compromised in the next 12 months, 57 percent of IT professionals polled on behalf of PhoneFactor, a provider of multi-factor authentication solutions, would not take the bet. Granted, the potential wagers PhoneFactor presented were high: The company asked respondents to bet one of five amounts on the security of their networks: $0, $1,000, $5,000, $50,000 or $1 million.

Even if PhoneFactor had offered a few wagers under $1,000, respondents probably would have remained unlikely to take the bet, judging by their answers to other survey questions. For example, 84 percent of respondents think an expert hacker could infiltrate their corporate network. Of that 84 percent, nearly a quarter (23 percent) say an expert hacker could definitely gain access to their network.

If their networks were to get breached, only 25 percent of respondents are very confident that they would know they had been penetrated.

The prevalence of malware (including root kits, zero day exploits and man-in-the-browser attacks) is the number one reason respondents believe their networks are vulnerable, according to 55 percent of those surveyed.

Not quite half (45 percent) of respondents believe employees using personal devices to access corporate systems makes their networks more prone to attacks. The sheer volume of attacks ranked third, at 35 percent, followed by the widespread use of remote network access (32 percent).

More than 300 IT professionals responded to the survey, which was conducted online in February 2012.