Why IT Security Matters to Businesses of all sizes?

Is there any week when there is no new headlines in the media about IT Security?

Many companies today use IT infrastructure to deliver some of their services or to design products or to help or assist its customers, thus making them somewhat dependent on some form of IT infrastructure. IT infrastructure like any man made system is often targeted by criminals who would like to make a quick profit. Small and Medium businesses are most often targeted in this regard. In 2011 60% of IT Security attacks were targeting SME*, because 80% of the time these SME companies do not invest enough resources in modern technology and IT security is not at the top of their agenda. The strange thing is over 75% of new products are created/invented  by SME.

With the proliferation of mobile devices that can access data, anytime and anywhere it is becoming a nightmare for traditional IT security experts to secure enterprise data and systems. Moreover these mobile devices are not uniform in their generic make-up. There are Apple devices, Android based devices and Blackberry systems, each with its unique challenge when we look into the security aspect of these devices. In 2010 there were only 6 malware that could really harm mobile devices, in 2011 there were 62, and thus we can only guess what the number will be in 2012. Surely it is set to rise way above the previous records.

7 IT security steps for businesses to protect their IT infrastructureTo make things a little more complicated now and in the not too distant future, companies plan to migrate all their data onto the Cloud (as of today every 5 minutes, a company is deploying a cloud solution**), which can be Private (where the company is in charge of all aspect of the Cloud including Security and Maintenance) or Public (where the company does not have full control of the entity, however the security aspect of the solution is entirely your responsibility). We looked at Three different contracts of Public Cloud where it states that if the data in Cloud were breached the responsibility of this falls on the enterprise not on the Cloud provider. One of the challenges every company is facing, is that Cloud security is much more complex and different from a normal/traditional IT security infrastructure.

To put the last nail in the coffin of traditional IT security experts, recent attacks are more complex, with the usage of Advanced Remote Access Trojan (ARAT) or Advanced Malware like Stuxnet or Flame, Or special botnet which target only the sensitive information that are in corporation database Network  Access Storage (NAS) system; however the complexity of these malware does not stop there, it combines sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard keystroke and moving this data out of your corporation in stealthy way, therefore most firewalls and IDS will not be in a position to detect these attacks in the network for a very long period. For example we tested a botnet at the beginning of May that no anti-virus solution in the current market can detect, even http://virusscan.jotti.org/ which has 21 anti-virus scanners could not detect this program as being malicious.

However all hope is not lost  as the battle against these security attacks is a continious one. For example for those who are concerned with Mobile device security you can implement a 7 step Security process that can help you be ahead of the game. Now I know most IT security experts’ reaction will be let’s ban these devices from the corporate network and the problem is solved. For example we can tell you few examples of corporation mobile devices that have been compromised while the executive was travelling, this is a new traget for Cybercriminals . Therefore  we can tell you with certainty that you will make this problem worst.

Here are few Security steps that you need to follow to help your business

  1. Implement an anti-malware, anti-spam, firewall solution for these mobile devices.
  2. Utilise a product like Cisco Identity Service Engine (However any Identity management solution should help, this is just an example).
  3. Know what local data these mobile devices have accessed and make sure that they use something that is one time password every time they access this data.
  4. Focus on data not on mobile devices, as people will target the data. The mobile devices are just the gateway to get to the data. Therefore every 3 months carry out an audit of the mobile device access.
  5. Deploy a  Mobile Device Management (MDM) solution that takes into account how your business uses your internal data.
  6. Setup your systems, so that people access data in role model type, something like an Active Directory from windows which does this very well.
  7. Be smart and review your mobile security strategy every month and be dynamic about your strategy. This means that you need to review the amount of data a mobile device is accessing per month. Put in place a base line and if this base line changes significantly, you know that there could be an intruder in your system.

In conclusion and with reference to Private cloud security, the key to your security success in that respect will be to focus on protecting your data. The number of measures that you will need to deploy is so complicated and vast that we cannot cover this issue in one article. But all you need to remember and constantly use as part of your strategy planning is that the battle has moved from the destruction of systems unto stealing of data, because everybody now realises that data is a much more important commodity in IT, this is the new war that IT security experts must win from today.

For further information about your IT Security Issues calls us today on 441733 567259.

 

*http://www.gartner.com/technology/research/security-risk-management/cloud-security.jsp           **http://blogs.vmware.com/

IT Security For Business


5 Comments

  1. silver account

    Users have long believed that their mobile devices were free from the threat of Trojans or botnets, but new research from the Georgia Institute of Technology warns that this could soon change. In fact, the first wave of mobile security threats is already here.

  2. Nike air max 95

    I’m no longer positive where you are getting your info, but great topic. I must spend a while finding out more or figuring out more. Thanks for excellent information I used to be in search of this information for my mission.

  3. claudia hammer

    Security is no longer confined to the organization’s perimeters. For years, user authentication served a vital role in organizations’ security policies, securing networking access, protecting user identities and ensuring that users are who they claim to be. But as new business environments like the cloud and the increased use of mobile devices emerge, organizations find they need to quickly adopt new models for authenticating their users to offset potential threats. In this program, Gartner, Vodafone and SafeNet will discuss the emerging authentication models that organizations are adopting; new approaches to user authentication driven by demanding cloud and virtualized environments that are transforming traditional security paradigms; intelligent authentication strategies that can drive value and cost savings; and how you can ensure these implementations will scale as business needs evolve and new environments emerge.

  4. Hey would you mind sharing which blog platform you’re working with? I’m going to start my own blog in the near future but I’m having a difficult time making a decision between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your layout seems different then most blogs and I’m looking for something unique. P.S Sorry for being off-topic but I had to ask!

  5. edward chale

    Wonderful post however I was wondering if you could write a litte more on this topic? I’d be very thankful if you could elaborate a little bit further. Cheers!

Trackbacks/Pingbacks

  1. marshall - Pay attention to this one-way journey into knowledge. Bookmark