For most IT professionals, the answer is ZERO, NADA, ZIP, ZILCH.
We recently surveyed more than 300 IT professionals, and their responses indicate an overwhelming lack of confidence in the security of their corporate networks. This was particularly apparent when IT pros were asked how much of their own money they would stake that their networks will not be breached in the coming year.
The majority (70%) of respondents were only Somewhat or Not At All Confident that an unauthorized person could not gain access to their network. And when asked if an expert hacker would be capable of infiltrating their network, 84% thought it was at least possible.
So, we asked IT professionals to put their money where their mouth is. How much of their own money would they be willing to bet that their company’s network will NOT be compromised in the next 12 months? The majority (58%) would bet $0.
It’s easy for a person to say that their network is secure, but when we asked them to make a bet using their own money they simply would not do so unless these further protections were put into place.
So, what’s driving all of this uncertainty? More than half of respondents cited malware, including root-kits, zero day exploits, and man-in-the-browser attacks as putting their networks at risk. Other key concerns include: Use of personal devices to access company resources (BYOD), the sheer volume of attacks, and widespread use of remote network access.
Perhaps one of the most unsettling insights to come out of the survey is the fact that only a quarter of IT professionals were confident that they would know if their network had been infiltrated.
Recently, a number of high-profile instances of attackers lurking undetected within corporate networks, sometimes for years, have come to light. In one such case, the email of Nortel executives was compromised for nearly a decade, allowing an attacker to access trade secrets and other sensitive information sent via email.
Knowing when an attacker is attempting to infiltrate your network is critical, particularly if the attacker been able to breach your first line of defense. For 87% of IT pros, receiving a real-time alert by phone call, text or e-mail any time someone attempted to log in with a stolen password increased their confidence in the security of their network. For one-third, this would have a significant impact on their confidence level.
A similar number of IT professionals, indicated that verifying user logins through an out-of-band phone call would increase their confidence.
Given the increased confidence out-of-band authentication and the real-time fraud alerts out-of-band methods can provide, we asked respondents whether having these tools in place would impact their willingness to bet on the security of their networks – 78% answered in the affirmative.
This lack of confidence in current security controls is driving adoption of out-of-band authentication from PhoneFactor. Nearly half (45%) of all respondents indicated that their company was planning to increase their use of out-of-band authentication over the next two years.
PhoneFactor provides strong protection from malware, fends off increasingly prevalent attacks, and shores up security for increasingly mobile workforces and the many devices that are used to access company networks.
If you aren’t willing to bet a dime on the security of your network, you are still taking a gamble. Put the odds in your favor with out-of-band authentication with real-time fraud alerts.