Magazine article New Zealand Management

Risky Business: Halting the Hackers and Crackers: Ignorance of Security Problems Is No Longer an Excuse. A Growing Raft of Legislation Says the Buck Stops with the Boss

Article excerpt

There was a time when business security simply meant a bolt on a solid door, locked filing cabinets, a safe with a secure combination, burglar and fire alarms and paying a surveillance company to put your building on its nightly rounds.

While these remain high priority, the pervasiveness of the internet and the growth of sensitive and critical information flowing electronically around modern businesses has incrementally increased vulnerability.

Gartner Group says this is the year of reckoning for IT security in Asia-Pacific. Its latest survey of chief information officers from more than 30 countries ranks security as the number-one technology priority for 2005. It says the convergence of serious threats to business security is now coming from professional criminals, not bored teenage hackers.

As the business world goes increasingly mobile and wireless--whether it's cellular connectivity or Wi-Fi, notebooks, PDAs or smart phones--the likelihood of prying eyes sniffing out sensitive information or intercepting online activities is increasing exponentially.

A piecemeal approach to security is no longer the way to go. Companies need a strategy, a whole-of-business approach, based around an audit of corporate needs, written into a security policy.

No one, for example, should be able to attach personal laptops to the company network or load CD-ROMs or software without clearance from the IT manager and a thorough malware scan.

This policy should define how outside parties communicate electronically, what level of access they will have to computer systems and what is considered 'normal' behaviour in order to determine firewall rules which exclude abnormal behaviour.

According to a 2004 survey by IDC New Zealand, only 10 percent of respondents had planned to boost security last year. However, by April it was clear that hackers, crackers and those on phishing expeditions were running riot, and the release of internet nasties such as worms and viruses was nearing plague proportions.

These internet-borne threats forced users across the country to push past their conservative security plans and invest in furious last-minute fortification. As the dust cleared, IDC found that in fact 30 percent of local companies ended up bolstering security.

Rather than being an afterthought, the top five dedicated security providers--Symantec, IBM, Cisco, McAfee and Microsoft--are all now top of mind when it comes to company IT buying intentions.

While the threat has abated somewhat, Jenna Griffin, IDC's market analyst for services and solutions, says it is clear that crackers and developers of viruses are becoming more sophisticated. "These threats are becoming harder to secure against and prevent, and our latest survey suggests 35.2 percent of businesses will continue to invest in security in 2005."

Companies are now focusing on overall policies and prefer a single solution from one vendor rather than dealing with four or five vendors to get a secure infrastructure. Griffin says vendors who are partnering to provide all-in-one security solutions are well positioned to take advantage of that.

One of the core requirements for electronic security is to ensure software patches and fixes are up to date. Security advisories come out from Microsoft and other vendors on a regular basis, but if the IT department doesn't keep on top of them, the company is unnecessarily exposed.

What about passwords? Is a single static password for access into the corporate network or the desktop sufficient? No; according to the experts, that's so 1990s. Multi-layered security, including passwords that change frequently and possibly even biometric access--where fingerprint readers are used to get into the computer and network or even into particular files--is favoured.

IDC says while 80 to 90 percent of those surveyed in 2004 had installed a firewall, anti-virus software, a virtual private network (VPN) or a combination of the three, only 40 percent planned to invest in the security 3As. …
