Cyber crime revenues are already exceeding those of drug trafficking and the threats are increasing along with the number of devices accessing networks, International Data Corporation (IDC) South Africa senior research analyst Pieter Kok has warned.
“Security remains a key IT challenge and the focus is on business continuity. Only 5% of all organisations worldwide are adequately protected against cyber crime,” he says.
Organisations also need to be part of global networks, which opens the oppor- tunity for potential attacks, as global companies’ networks could be compromised from anywhere in the world.
IDC’s top threats for 2010 include casual intruders, insider system sabotage, spyware and data loss through employee error or malicious intent.
Only 50% of companies have formal security policies for employees to follow and only 33% educate their employees on these policies. “More money is lost from the inside than from the outside in terms of IT security,” says Kok. Companies need to exert greater control over the infor- mation coming in and going out of an organisation.
Further, Web 2.0, which includes social interaction websites, could also pose threats of cross-site attacks, spam, hackers, malicious codes and phishing. Kok says that the adoption levels of Web 2.0 are expected to double, but this will be an additional threat that companies will have to handle through continuous monitoring.
He adds that virtualisation and cloud computing are also changing the IT landscape, but the requirements for IT security remain the same. Security effectiveness must not be sacrificed for the benefits of virtualisation.
Network security appliances company Fortinet points out that security threats in the cloud include critical data out- side the perimeter, privileged-user access, an expanded attack surface, service level attainment, lack of regulatory compli- ance and cross virtual server virus pollination.
Regional manager for sub-Sahara Africa Perry Hutton adds that security in a cloud computing or virtualisation environment consists of a number of measures, including preventing infections from cross-pollinating between virtual members. Security should also be information- centric, as access is available to data outside traditional networks, and better application control is required. He also emphasises that there must be more functionality to security in the cloud environment.
Hutton names three critical success factors for cloud computing providers, namely capability, credibility and con- tinuity. IT systems and security management must have the capability to support the business model and there must be con- tinual building of trust and brand to attract customers. Credibility is gained through being able to prove and demonstrate IT and secu- rity management effectiveness to attract customers.
Meanwhile, BMC Software business solutions manager for Southern Europe Cyril Gobrecht says that security is a necessity to reduce risk and ensure regu- latory compliance. The current reality is that many secu- rity activities are carried out manually, but automation can assist by improving the quality of security, improving busi- ness impact, providing more transparency, reducing risks and lowering costs.
Kok adds that security services can offer cost effectiveness, enable compliance monitoring and allow a company to focus on its core business.
He concludes that prevention is better than cure and security budget cuts should be made with caution. Information is the new currency and data protection solutions will be required to better protect businesses.
|
|
