Darknet – Hacking Tools, Hacker News & Cyber Security


GFI Survey – 4 in 10 US Companies are NOT Secure!

January 9, 2008


GFI has recently conducted a survey concerning corporate security in the US for small and medium-sized enterprises (SMEs).

Despite the best efforts of many small and medium sized companies, a recent US survey shows that four in 10 companies believe that their networks are not secure. Thirty-two percent of the companies also reported that they had suffered a breach in the past 12 months alone citing virus attacks and Internet downloads as the leading cause of the security breach.

The survey, conducted by eMediaUSA on behalf of GFI Software, an international network security software developer, was given to 455 IT executives from U.S. based small and medium sized businesses (SMBs).

Commenting on the results, Andre Muscat, GFI’s Director of Engineering, said: “Email viruses top the ‘greatest threat to network security’ list and this does not come as a surprise. It is one of the easier attack routes and this is confirmed by those respondents who reported a breach. While companies are aware of, and are focused on, tackling viruses and malware, they appear to be giving sparse attention to other equally dangerous threats such as data theft and leakage from endpoints such as connected USB sticks, iPods and PDAs on the network.”

Further results on the survey can be found in the full survey here:

smbsurvey.pdf

Source: GFI


Filed Under: Advertorial Tagged With: corporate security, gfi, Information-Security, Security




Comments

  1. Patrick Ogenstad says

    January 9, 2008 at 12:00 pm

    Though there is a huge difference between thinking you are secure and having something to back up those claims with.

    It would have been interesting if they had asked: “How would you rate your knowledge in network security and protecting a network”?

  2. Nobody_Holme says

    January 9, 2008 at 12:01 pm

    4/10 admit it… I’m thinking it’s more like 9/10 really had breaches in the last 12 months… although some of them probably didn’t notice.

  3. Sir Henry says

    January 9, 2008 at 3:02 pm

    @Patrick:

    That would be the better question to ask. At that point, you could then figure out the rough statistics and probabilities based upon their lack of knowledge.

    @Pantagruel:

    I agree with you on this completely. Either they do not know, or they are not in full disclosure.

  4. Pantagruel says

    January 9, 2008 at 3:04 pm

    Quote:
    ‘.. they appear to be giving sparse attention to other equally dangerous threats such as data theft and leakage from endpoints such as connected USB sticks, iPods and PDAs on the network ..’

    Unfortunately this is true, I just happened to try whether a USB stick would work (or not) on one of the many computers which are supposed to grant limited access. I was quite dismayed that 1) no one bothered asking if I was allowed to touch the computer in question (a few funny looks but all walked past me) and 2) the stick was accessible. A reboot showed the BIOS to be pw protected, but they simply forgot to deactivate the USB ports on the front of the machine (or install some auth program to regulate device access).
    Shame on the admin/installer

  5. sids911 says

    January 9, 2008 at 4:32 pm

    6 Out of 10 Companies are Secure?????

    Well, people are surely investing more in False Sense of Security!

  6. Ubourgeek says

    January 9, 2008 at 4:32 pm

    I concur with Nobody_Holme – the number is probably much higher than 4/10. I retired from Federal service for the private sector and thus far I have been surprised (and disturbed) by the poor security posture demonstrated by most private entities.

    Cheers,

    U.

  7. goodpeople says

    January 9, 2008 at 4:49 pm

    Well, it seems that we all have a hard time believing this study.

  8. Sir Henry says

    January 9, 2008 at 4:50 pm

    @Pantagruel:

    Your real world example just illustrates how companies still think that all the threats are coming from the outside. What they do not realize is that security needs to be equally strong on the inside, as it is on the outside. That and the thought process needs to change from the assumption that if anything occurs on the inside of the company, that it is simply a nefarious individual who always had malign intent. The latter is an ignorant stance that does not take into consideration that end user education is simply not happening; that if you allow devices from the outside to be indiscriminately used without some type of security check point, you are failing your security policy.

    One thing I have seen in regard to device control is that the checks are becoming more intelligent. No longer do you simply have to block all removable media devices. Now there are fingerprints for each type of USB device that, in turn, can be white or blacklisted depending upon the security policy. That would help immensely on the inside by way of the company telling the end user that only x type of USB devices will be allowed and/or provided by the company. I think, in addition to this, a valuable function would be to store serial numbers or some type of identifier for the USB device so that, in the event of a breach or outbreak, it can be quickly and easily identified within the system as to the origin.

  9. goodpeople says

    January 9, 2008 at 6:25 pm

    Time for a little math here.

    We all know that half of all security issues come from the inside. So if 4 out of 10 companies had security breaches coming from the outside, we can safely assume that 8 out of 10 companies don’t have their security in order.

  10. James says

    January 9, 2008 at 6:43 pm

    The only secure computer is one with no input/output

  11. James says

    January 9, 2008 at 6:45 pm

    and I’m not sure such a machine would be that user friendly.

  12. Sir Henry says

    January 9, 2008 at 6:46 pm

    @James:

    I am sure that such a machine would be extremely boring, too. I am such an addict when it comes to being online.

  13. goodpeople says

    January 9, 2008 at 7:20 pm

    Oh, the computer can have input and output. As long as it’s not connected to anything else than the power grid. The external connections are where the danger lies.

    And for being an addict.. I don’t go on vacation where my PDA doesn’t have GPRS coverage.. :-/

  14. Pantagruel says

    January 10, 2008 at 11:27 am

    @Sir Henry.

    Absolutely true. The sad thing is that the perimeter security is quite ok, the division in question is behind a badge reader and very few people slip in in someone else’s ‘slipstream’. People did receive some education about not letting in unknown colleagues who seem to have forgotten their badge.

    Again true, only a few years ago we started experimenting with device control and it was quite simple. Anything but the stick acquired from the solution provider would work, severely hampering donglefied software (I personally hate that stuff). After some switched our dept’s latest solution is indeed more intelligent, allowing other devices to be entered into the white list (or blacklisting when users misplace their stick) and logging of transmissions is supported.

    No in/output puts us back in the proverbial dark-ages, somewhat useless with the amount of data we generate and process using a computer.

  15. Nobody_Holme says

    January 11, 2008 at 11:58 am

    @Ubourgeek
    I hate to mention it, but most US government groups get owned on a regular basis…
    If security outside is that much worse, I’m quite worried.

    Also, there can never be true security without a deadly lack of interaction. It’s a conundrum faced by all security experts (of all times since like, the gate guards on some ancient castle, say, and that food wagon with a spy driving it).

  16. eM3rC says

    February 7, 2008 at 5:21 am

    This article seems very fascinating to me. I think the numbers of vulnerable computers (in companies of course) would be much higher than 40%. Of the companies that I have worked at, many of the computers were not protected by any kind of malware software, while others only had an 8 year old version of Norton. To battle this I think many companies should be warned of the malware world and how serious it actually is.

    As our society begins to become more and more dependent on computers the complexity of the threats will constantly change and become more hazardous. It needs to be brought into focus now and addressed to the best of companies’ abilities regardless of the cost (a couple hundred dollars is a far better loss than all the company’s records).

    @Sir Henry
    I am not surprised you were able to get in. I bet of the computers reviewed security wise you would be able to get into 99% of them. Shows you how good their ITs are.

  17. J. Lion says

    February 11, 2008 at 11:04 pm

    Well – security is only for the big companies. It won’t happen to us. (fingers crossed)

  18. Sir Henry says

    February 11, 2008 at 11:10 pm

    @J.Lion:

    If your company has sensitive data, or a need to keep some portion of its data private or secure, then security is not only for big companies. I really do not think security is only for big companies, simply for the fact that data, regardless of the company size, has commensurate value to someone out in the wild.

  19. eM3rC says

    February 12, 2008 at 2:05 am

    @Sir Henry/J. Lion

    Total agreement with you. If a company possesses any kind of sensitive data (i.e. any customer information which is pretty much every company in existence) it should do whatever it can to protect its clients. Although it may seem like an extra cost for the company it is worth every cent.
