SAYS THREATS FINANCIALLY MOTIVATED Exec: IT security must evolve quickly
Posted February 25, 2009on:
MAKATI City, Philippines — Today’s era of borderless enterprise poses greater challenges for information technology security with information becoming the new currency across businesses, an executive said.
“The IT security landscape has fundamentally changed. Traditional security is no longer relevant and companies today need to deploy endpoint IT security to protect their major asset: information. And awareness among IT persons and decision makers are relevant to address these issues,” Lumension CEO and chairman Pat Clawson said during a briefing here.
IT security threats like malicious software and codes are now financially motivated and more targeted, said Clawson.
In 2007, about 5.49 million unique samples of malicious software and code were found, the executive said. About 75 percent of businesses are targets of malicious software and code, he added.
Most companies are unaware that as information gets mobile and moves beyond the company firewall, they face greater risk of data breach, Clawson said.
Mobile devices and social networking applications, such as Skype and instant messengers, where files can be sent can open the company’s network to risk daily, he said.
“Managing data risks is a multi-faceted approach and includes managing vulnerabilities and protecting data across four platforms: technology, business processes, information and people. This is ushered by the convergence of roles in operational IT and IT security,” he said.
To achieve optimal data security for the company, Clawson shared that companies should manage vulnerabilities, protect data and put up endpoint security over traditional security.
Market research analyst Gartner reported that over 90 percent of cyber attacks exploit known security flaws for which a remediation is available.
“So if we proactively plug these holes, we can prevent 90 percent of these data threats,” said Clawson.
To protect data, it is important that companies should educate and develop policies for its people to avoid data leaks that can lead to data breach.
In 2007, about 49 percent of all data breaches in 2007 include lost or stolen laptops and other mobile devices like USB, said Clawson.
Recovering from a singe data breach costs $6.3 million on the average. Once a company has been exposed to data breach, customers lose their trust and 40 percent are likely to leave, of which 20 percent will discontinue ties, Clawson said.
Companies can perform white-listing of the updated and approved applications to run within the company firewall. Under blacklisting, websites like social networks, can be blocked to protect the PC and the company’s network from unnecessary patches.
Technological innovations, such as cloud computing and virtualization, also pose bigger security threats as virtual servers share one physical machine, thus opening doors for data security risks.
“Uptake of these technologies is growing across industries but the risks attached to them are not fully understood yet thus we must be caution is required in adoption,” said Clawson.
When asked to comment about the future of the IT security landscape, Clawson said the industry will have a slow-paced growth. Drivers for growth will focus on technologies that can address sophisticated attacks and applications control for governmental risk and compliance software, and mobile and virtual environments.
An executive forum was held recently to increase the awareness among top management of private and government sectors about cyber security and the changing IT security landscape, said Jun Santos, VSSC Distribution Inc., local partner of Lumension.