The challenge of increasingly sophisticated worms, viruses and hacking tools has been compounded by the widespread use of broadband on inadequately protected corporate networks. This has resulted in an environment where malicious software can spread across the world at lightning speed.
While the release of a security patch can take days, the time between infiltration of an attack and its propagation throughout the business can now be measured in minutes rather than hours.
This reduction in time available to defend against security attacks is further aggravated by the increased complexity of the threat, with many viruses no longer acting in isolation but as sophisticated, multi-layered collaborations designed to confuse today’s security solutions.
So, what can be done to stop malicious intruders in their tracks and make careless users think twice before exposing themselves to attack?
Concerns with regulatory compliance, spam, worms/viruses and identity management are combining to inevitably drive the security market to ever-higher levels. Recent research reveals the security market is growing at almost three times the rate of overall IT spend and is expected to increase from 4.8 per cent to seven per cent of overall IT budgets by 2007.
The increased impact on business of lapses in security has ensured safeguarding a company’s systems is no longer simply an IT issue, but one that has grabbed the attention of senior managers. Those leading from the front are increasingly aware that security measures have to be implemented across a company in such a way that they enhance, rather than inhibit, a business.
A network security plan should involve a layered model of overlapping measures, in much the same way as tiles on the roof keep out the water. Crackers and intelligent viruses will target weak spots where two separate systems meet.
Securing business systems would be more straightforward if people were not involved. Most attacks come from legitimate users. Human error is often found to be the underlying cause of security breaches. As a result, security solutions must be simple, requiring little or no training.
To improve business protection, solutions must be able to adapt to emerging threats as they happen. This requires more than the vendors of security solutions being up-to-date with the latest threats. It needs the security solution itself to recognise an attack, even if it has no prior knowledge of the threat.
Ultimately, responsibility for security resides not in the technology, but in the attitudes and actions of the people. Technology can only keep the unpredictable human element in check when backed by a formal security policy.
The policy should include items such as an authentication strategy, defining the levels of passwords required for each type of user, including corporate, remote and dial-in users, and administrators.
Employees should also be made aware of what is considered to be acceptable use of the network. With broadband now widespread, the problem of employees downloading and distributing inappropriate material is reaching epidemic proportions. This content can contain viruses and other malicious code, as well as being potentially embarrassing for the employer.
It is necessary to mitigate the danger of malicious intruders using a well-planned balance of security technology, together with a company-wide commitment to adhere to procedures. Security solutions must be automated and proactive in dealing with threats, rather than reactive. A sea change has to occur in the way security is treated so that the measures taken are preventative, rather than remedial. Only then will business return from the internet be maximised and risk minimised.
Richard Moir is systems engineering manager, Scotland, for Cisco Systems