Companies need the unabbreviated truth about their IT security standpoint

Information systems change all the time. Couple this with the fact that new threats arise constantly and it's easy to see why security systems implemented or updated last month can't keep pace with security requirements right now. The truth is that securing an IT environment is extremely complex, and it's not something that is stagnant either. Companies need the unabbreviated truth about their IT security standpoint, and most won't like what they find.

This is according to Richard Broeke, General Manager at Securicom - a leading South African managed IT security services company.

"Our experience shows that a company's security posture is directly related to the possibility of a security incident or breach taking place. Less in the way of IT security definitely means more when it comes to risk. Making up a company's security posture are all the measures that are in place to prevent a breach. Much like the security interventions on a physical property, such as alarms and electric fences, help to reduce the risk of a break in, IT security measures such as firewalls and intrusion detection and the like reduce the risk of a security breach on a network. Companies that don't have a grip on their security posture don't have a view of how effective the systems they have in place are. When they look, perhaps only after a breach of sorts, they find that their networks and critical data are wide open to attack," says Broeke.

He advises a vulnerability assessment followed by regular health checks on the IT environment to determine the security standpoint.

"A vulnerability assessment from the Internet coupled with a threat assessment of what traffic is actually on the network is the starting point for any business that has no view of their security posture. These typically don't take a long period of time and the information garnered from these tests provides a great blueprint from which to work. Based on the findings, a combination of technical and process controls can be implemented to achieve an acceptable level of security without impacting users' experience or business continuity."

According to Broeke, most of the new clients commissioning Securicom to conduct once-off vulnerability scans believe that they've got their security "sorted". However, more than 90% of the vulnerability assessments conducted result in changes or upgrades to the security infrastructure to bring it up to speed.

Broeke stresses that the focus should never be on simply filling the gaps. What results is almost always a patchwork of point solutions which don't integrate all that effectively. Poor integration and lack of monitoring mean that any changes in any of the systems can knock the rest out of kilter.

"The emphasis should rather be on the overall bigger picture. If there is an effective security management strategy, which includes monitoring, visibility and the management of appropriate technology components, then the gaps close automatically by virtue," he explains.

In addition to just assessing the security posture Securicom provides end-to-end security management that is relevant to the findings and tailored to the specific company's requirements; where relevant this can be as advanced as implementing its Cyber Threat Management service, providing real-time security monitoring and reaction via our team of security analysts that watch over your environment 24x7x365. All this is provided at a price point that most of our new customers are surprised at when first presented.

"This way, companies always have an accurate view of the security posture of the IT environment. It is the only way to avoid being caught off guard in an era when cyber crime, fraud and identity theft are big business," concludes Broeke.