Why IT Security Matters to Businesses of all sizes?Posted on Jun 14, 2012 in Blog | 5 comments
Is there any week when there is no new headlines in the media about IT Security?
Many companies today use IT infrastructure to deliver some of their services or to design products or to help or assist its customers, thus making them somewhat dependent on some form of IT infrastructure. IT infrastructure like any man made system is often targeted by criminals who would like to make a quick profit. Small and Medium businesses are most often targeted in this regard. In 2011 60% of IT Security attacks were targeting SME*, because 80% of the time these SME companies do not invest enough resources in modern technology and IT security is not at the top of their agenda. The strange thing is over 75% of new products are created/invented by SME.
With the proliferation of mobile devices that can access data, anytime and anywhere it is becoming a nightmare for traditional IT security experts to secure enterprise data and systems. Moreover these mobile devices are not uniform in their generic make-up. There are Apple devices, Android based devices and Blackberry systems, each with its unique challenge when we look into the security aspect of these devices. In 2010 there were only 6 malware that could really harm mobile devices, in 2011 there were 62, and thus we can only guess what the number will be in 2012. Surely it is set to rise way above the previous records.
To make things a little more complicated now and in the not too distant future, companies plan to migrate all their data onto the Cloud (as of today every 5 minutes, a company is deploying a cloud solution**), which can be Private (where the company is in charge of all aspect of the Cloud including Security and Maintenance) or Public (where the company does not have full control of the entity, however the security aspect of the solution is entirely your responsibility). We looked at Three different contracts of Public Cloud where it states that if the data in Cloud were breached the responsibility of this falls on the enterprise not on the Cloud provider. One of the challenges every company is facing, is that Cloud security is much more complex and different from a normal/traditional IT security infrastructure.
To put the last nail in the coffin of traditional IT security experts, recent attacks are more complex, with the usage of Advanced Remote Access Trojan (ARAT) or Advanced Malware like Stuxnet or Flame, Or special botnet which target only the sensitive information that are in corporation database Network Access Storage (NAS) system; however the complexity of these malware does not stop there, it combines sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard keystroke and moving this data out of your corporation in stealthy way, therefore most firewalls and IDS will not be in a position to detect these attacks in the network for a very long period. For example we tested a botnet at the beginning of May that no anti-virus solution in the current market can detect, even http://virusscan.jotti.org/ which has 21 anti-virus scanners could not detect this program as being malicious.
However all hope is not lost as the battle against these security attacks is a continious one. For example for those who are concerned with Mobile device security you can implement a 7 step Security process that can help you be ahead of the game. Now I know most IT security experts’ reaction will be let’s ban these devices from the corporate network and the problem is solved. For example we can tell you few examples of corporation mobile devices that have been compromised while the executive was travelling, this is a new traget for Cybercriminals . Therefore we can tell you with certainty that you will make this problem worst.
Here are few Security steps that you need to follow to help your business
- Implement an anti-malware, anti-spam, firewall solution for these mobile devices.
- Utilise a product like Cisco Identity Service Engine (However any Identity management solution should help, this is just an example).
- Know what local data these mobile devices have accessed and make sure that they use something that is one time password every time they access this data.
- Focus on data not on mobile devices, as people will target the data. The mobile devices are just the gateway to get to the data. Therefore every 3 months carry out an audit of the mobile device access.
- Deploy a Mobile Device Management (MDM) solution that takes into account how your business uses your internal data.
- Setup your systems, so that people access data in role model type, something like an Active Directory from windows which does this very well.
- Be smart and review your mobile security strategy every month and be dynamic about your strategy. This means that you need to review the amount of data a mobile device is accessing per month. Put in place a base line and if this base line changes significantly, you know that there could be an intruder in your system.
In conclusion and with reference to Private cloud security, the key to your security success in that respect will be to focus on protecting your data. The number of measures that you will need to deploy is so complicated and vast that we cannot cover this issue in one article. But all you need to remember and constantly use as part of your strategy planning is that the battle has moved from the destruction of systems unto stealing of data, because everybody now realises that data is a much more important commodity in IT, this is the new war that IT security experts must win from today.
For further information about your IT Security Issues calls us today on 441733 808404.