‘Biggest security risks are due to user error’

Get a free Techzine subscription!

Users yet again turn out to be the weakest link in the security of computer systems. This is suggested by a survey by IT security company Zscaler among its customers.

The research is based on ‘customers with thousands of workloads in AWS, Azure and Google Cloud Platform’. Zscaler also looked at user and application settings among customers using Microsoft 365.

Findings

The study found that 63 percent of users do not use two-step authentication to log into cloud environments. Half of users do not regularly change their passwords.

Administrators are also often sloppy, according to Zscaler: 92 percent don’t log access to cloud storage. This makes investigation difficult in the event of a cyber attack. In addition, SSH network ports are open in 26 percent of cases and RDP ports in 20 percent of cases.

Security problems to do incurrect use

Such practices make it easy for attackers to enter networks, according to Zscaler. In practice, many attacks also exploit human errors in network security. For example, the attackers behind the SolarWinds hack also managed to bypass security measures by simply trying commonly used passwords on poorly secured login pages.