Government attempts to improve information security through regulation have had no impact on the ability of hackers to break into corporate networks, according to 70% of self-identified hackers polled at the Defcon conference in Las Vegas in August 2009.
Furthermore, 15% of respondents said they believed that “regulations introduced by governments worldwide to implement privacy, security and process controls” had actually made hacking easier.
"While standards such as PCI-DSS [for example] provide a good baseline, organisations that assume achieving PCI compliance will solve their security woes are in for a rude awakening," said Michael Hamelin, chief security architect at Tufin Technologies, the security software company that conducted the study.
The poll of 79 delegates at the hackers’ convention found that 96% believe all security investments are worthless unless the firewall is properly configured and monitored. It also shed some light on the ‘working’ habits of hackers.
For example, the most popular time to hack is weekday evenings, with only 15% of respondents preferring the weekends.
Happily, IT security managers can relax on their summer holidays in peace; 89% of respondents said that the summer holidays would have little impact on their hacking activity. The winter holidays are a different matter, however: 56% of respondents said that the Christmas period is the best time for corporate hacking.