Misconfigured Networks Main Cause of Breaches
An anonymous reader writes "Responses to a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit. Results revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don't always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role."
"Actually they're the result of incompetence and/or apathy."
I know my trade and I know that it will cost more time/money than is thrown at it. The fact that it breaks is therefore neither lack of knowledge nor apathy, at least, not at the technical level.
"The purpose of an audit is to reveal that incompetence and/or apathy has taken place so that it may be corrected in the future."
Ha! So many times that's the *declared* purpose. The real purpose is to cover managerial asses. Since that can be done with less time/money than the real thing, that's what you get.
"Good auditing may mitigate this issue"
For some definitions of "good". If your manager happens to have a different definition for "good", well, tough luck.