Q: How Seriously Should You Take Internet Security?

“How seriously should you take internet security?” a client asked me this week.

I thought for a second and answered, “More.”

Wherever you are on the security maturity spectrum, you can be sure that the bad guys are redoubling their efforts to breach your defences.

An indicator of this is the growing size of the market. In their study “Global Internet Security Market – Size, Industry Analysis, Trends, Opportunities, Growth and Forecast, 2013 – 2020”, Big Market Research believe that the market will be worth $42.8 billion by the end of the decade – with a compound annual growth rate (CAGR) of 8.1% over that period – by my reckoning that equals £28,272,286,432. Not too shabby.

Most internet security is currently still delivered by software-based solutions but over this period, in the same way that you can expect more organisations to move operationally to the cloud, so security will have to be increasingly cloud-based too.

Time for a health check.

If you have not yet migrated to the cloud, ask yourself now, “Will your current software-based security hold you back?” The answers will serve you well when you do move.

Another great question – “Will it protect you from threats as they evolve?”

When the first web-based stores started to trade, a lot of investment went into encryption and authentication protocols in order to protect your transactions – emphasis was on the transmission of the data. All well and good.

But those developing early security measures could not have predicted the explosion in methods that ignored the transmission process altogether – targeting the device at either end of the transmission instead. They could not have foreseen the botnets or malware, the large-scale attacks that seek to wipe out entire infrastructure (like Stuxnet). Who knew that one day large-scale unethical hacking attempts would be orchestrated or that sometimes they would be state sponsored? Who could have forecast PCs and mobile phones falling victim to ransomware, websites downed by distributed denial of service (DDoS)?

Indeed, who foretold the spam, spyware, viruses, mobile worms infecting near-field communications devices (allowing criminals access to “wallet” accounts), the Citadel Trojan that allows much more targeted attacks and therefore potentially exponentially greater financial gain for the criminal … and all of this is just off the top of my head … BUT who knew?!

If your security measures are still concentrated on the transmission of data, it’s like driving your money to the store under armed guard only to fold the bank notes into little paper airplanes and attempt to fly them through the letter box while wearing a blindfold.

Most of the attention at the recent RSA cyber-security conference (attended by in the region of 28,000 threat analysts) was about securing the devices at either end of the transmission and not the transmission itself.

Writing about the recent week-long get-together, which was held in San Francisco, Brandon Bailey from Associated Press reports, “Hackers share information about software weaknesses in a variety of industries, quicker than companies can install “patches” to repair them.” One cyber security expert dramatically compared the threat and risk to the famous fault lines beneath the conference’s host city.

You can mitigate the risks.

Identity Management can secure sensitive applications and data, whether they are on premises or in the cloud, by identifying users and controlling their access to resources according to the permissions associated with their trusted identity.

Identity management can also incorporate the automation of IT operations and corporate compliance of user provisioning, access management, corporate governance, enterprise risk management and password management.

With Business Service Monitoring (BSM), early symptoms of “the unusual” can be instantly identified and automated remediation efforts begun. Complex trend and event analysis quickly identifies abnormal conditions and their potential for impacting user experiences, enabling prioritization based on business impact.

A Managed Service approach that adapts to your business needs and the evolving landscape can provide best in class security solutions relevant to actual threats.

For businesses, the days of buying security off the shelf are probably coming to an end. The more bespoke your business and its IT and the more adept and targeted the criminal hackers get … the more bespoke and targeted your security will have to be.
