It could be a cry of fatigued exasperation or a note of unexpected confidence but it is no less surprising for it. According to a survey carried out on behalf of security vendor Secure Computing, 24 percent of network managers confessed that they were “not at all concerned” about the possibility of a security hole being found in their company firewalls.
According to Secure they should be, with last week’s disturbing emergence of the so-called “witty” worm that specifically targeted an ISS firewall giving IT managers an early warning of what is coming over the horizon.
The figure should be put in context though - the remaining three-quarters of those polled said the possibility of a firewall security hole would (repeat, would) make them concerned.
The survey, “Patched Security: Practices for Applying Critical Fixes to Firewalls” [pdf], compiled from the replies of 111 IT managers based in medium-to-large companies in the US, also found that 84 percent of firewalls managed by the questioned group required patching considered “critical” in the previous 12 months.
Staff were also spending an increasing amount of time patching systems, with 36 percent spending more than 16 hours upgrading or patching firewalls in a year.
Patching - or people’s failure to do it or struggles to keep up with it - seems to be the important issue in all this, regardless of the degree of worry people have over firewalls being compromised. Two thirds said they saw patch management as “very” or “somewhat important”, leaving the complacent third who didn’t seem concerned at all.
What can’t be gauged from such a small sample is whether there really is a hardcore who really are neither concerned or see the need for good patch management. Or if they are just too terrified to give a coherent answer when phoned up by surveyors.