One in ten IT professionals cheat on firewall audit

Vulnerable computers

A survey released today has revealed infrequent firewall audits have led to questionable actions in the private IT sector and could lead to security risks.

The research, by Tufin Technologies, showed one in 10 IT professionals admitted they or a colleague had cheated on an IT audit to make it pass muster.

A lack of time and resources were the main reasons given by those who admitted to cheating, the survey said.

Michael Hamelin, chief security architect at Tufin Technologies, said companies that conduct audits irregularly are a cause for concern because out of sync firewall rules leave networks open to exploitation.

"Without the right automation tools, managing firewalls is complicated and time consuming making it very tempting for IT professionals to cheat to get their audit passed. But in the long run it will only cause more problems," Hamelin said.

Of the 242 respondents, 25 per cent said firewall audits took a week to conduct, and 30 per cent said they audited only once every five years.

More than a third of respondents said their firewall rule bases were a mess and were susceptible to hackers, network crashes and compliance violations.

The research comes at a time where the new coalition Government is making efforts to be more open with its data, releasing the numbers on public sector spending and IT contracts.

However, the survey claimed private IT companies only invested into and pay attention to the firewalls selection process, instead of following them up and making sure they were fully optimised.