The largest risk to an organisation’s IT security? Employees!
5th December 2011
With the increasing risk of cyber crime, IT security will be at the top of most companies’ agendas for 2012. According to a new report by PricewaterhouseCoopers (PwC), cyber crime is the third most common type of economic crime to have affected UK firms in the last 12 months.
The government has also recognised the importance of companies protecting their IT environment with the recent release of its Cyber Security Strategy. This strategy sets out the UK’s plans to build a more trusted and resilient digital environment. According to a statement issued with this strategy, this “heralds a new era of unprecedented co-operation between the government and the private sector on cyber security, working hand in hand to make the UK one of the most secure places in the world to do business”.
Verizon Business’s 2010 report, ‘Data Breach Investigations for 2009’, revealed that 40% of data loss occurred due to hacking and 38% due to malware. In 2011, the continued threat of hacking has been highlighted by the breach of computer systems owned by Sony, in which confidential customer data was stolen. Other high-profile breaches that have highlighted the proliferation of hacking include those at Citi and RSA. A report commissioned by the Cabinet Office and published in February 2011 estimated that businesses lost £21bn to hackers whilst UK citizens suffered a loss of £3.1bn.
This highlights the importance of protecting a company’s IT systems. Potential damage to businesses can include:
• Business downtime / lack of business continuity
• Theft of intellectual property
• Loss of confidential material – including customers’ financial details
• Adverse publicity and loss of reputation
• Large financial costs to re-establish business continuity and to ensure systems are secure
• Contamination of data integrity
PwC also identified that four out of ten firms have reported that they don’t have the ability to detect and prevent cyber crime. Prevention, as they say, is better than cure. With the growing threats and changes in technology such as advanced mobile devices and cloud computing, it is imperative that all businesses have the ability to detect IT security risks. This can be achieved through vulnerability assessment and penetration testing.
Vulnerability assessment and penetration testing enable you to identify security risks in your systems and to fix them before an attacker infiltrates and exposes them. They provide a view of the system from a malicious attacker’s perspective. The goal is to identify any infrastructure problems before somebody with more nefarious motives does. Vulnerability assessment and penetration testing services can provide you with peace of mind that your internal and external IT systems have been rigorously tested and that your infrastructure security is maintained to the highest possible standards. Such solutions also enable you to integrate a robust risk and asset management solution into your ISO 27001 processes and documentation.
Key Benefits of a Vulnerability Assessment:
• Gain immediate insight into the security posture of your networks, operating systems, databases and web applications.
• Automate all steps in your vulnerability management life-cycle from discovery to prioritisation and issue resolution.
• Get enterprise-class protection with up-to-date scans for over 14,000 vulnerabilities and 54,500 checks.
• Ensure compliance with policies, auditing guidelines and regulations.
• Mitigate risk by identifying and fixing the most critical security threats in your infrastructure with customisable risk scoring.
• Increase productivity and reduce resolution times through streamlined step-by-step remediation reports and task delegation.
• Deploy a complete managed service.
Key Benefits of Penetration Testing:
• Gain immediate insight into critical security threats in your IT infrastructure.
• Save time and reduce remediation and notification costs by avoiding network downtime and/or averting a breach.
• Create a heightened awareness of security’s importance at the executive level.
• Determine if potential vulnerabilities represent real threats to your infrastructure without being burdened by a large number of false positives.
• Simplify and accelerate your security testing programme.
• Meet regulatory compliance and prepare for security audits by implementing a formal security testing programme.
• Enhance your overall security by proactively eliminating identified security threats.