
Establishing the strongest defensive position

Johannesburg, 26 Aug 2005

Despite the advancements made in security infrastructure, it's still astonishing to note that most companies still base Internet security on perimeter controls like firewalls. In fact, according to the 2005 edition of the Australian Computer Crime and Security Survey, 98% of companies still use firewalls and 99% use anti-virus software, combined with some form of access control.

However, there is some good news, as the prevalence of reusable passwords has dropped from 100% in 2002 to a recent 60%. This indicates that some success has been achieved in educating the user community on password security and in enforcing an acceptable usage policy that underpins the use of passwords.

As for the mitigation of security incidents, the survey notes that 67% of respondents have some form of incident management procedures in place, while a low 13% indicate a computer forensic capability.

What is interesting and alarming is that only 31% of companies that did suffer security incidents reported them, while only 18% successfully prosecuted the relevant offenders.

Encouragingly, virus and worm infections dropped from 88% in 2004 to 64% in 2005, indicative of the high level of malicious content activity in 2004 as well as more successful deployment of risk mitigation measures.

Sadly, the misuse of e-mail, Internet access and system resources by insiders is still high (68%). This may be the result of limited success in communicating acceptable usage policies, or of a failure to implement technical controls to enforce those policies. Putting these policies in place can initially be a drain on resources, but policies without "teeth" will not discourage such abuse.

When looking at the types of loss experienced, we see that laptop theft and malware infections are rated very high, with denial of service (DoS) attracting the highest loss value. The value of proprietary information on these mobile computing devices is not included, but may be significant, justifying some form of file encryption to ensure proprietary information is not exposed.

Also, the recovery time from malware infections remains the highest, followed by laptop theft and insider abuse of Internet access, e-mail and internal computer resources.

However, despite the above, existing technologies can assist companies in speeding up their recovery times. Regular desktop and notebook backups, coupled with the basic device DNA held on offline storage, will undoubtedly speed up recovery. Implementing stronger access control on network-attached systems, where user rights are challenged, will also reduce the unauthorised use of system resources.

Tied loosely to the above, we learn that organisations are struggling with configuration management as well as with keeping technology up to date. Unfortunately there is little relief in this space other than using technology that enables security managers to stay up to date with new vulnerabilities when they hit the wild.

Additional solutions can be deployed that scan local machines for vulnerabilities, matching the findings against a vulnerability database. Furthermore, advanced solutions can also provide remediation, assisting with the timely deployment of security patches and general software updates for popular operating systems and applications.

Managing this in a non-intrusive way, while still ensuring critical systems are always up to date, is now more important than ever. The vulnerability window needs to be reduced to a minimum, as we are experiencing more and more zero-day exploits targeting new exposures within weeks or even days of their launch.

In closing, knowing what assets you have under control, what their vulnerability status is, who has access to them, and being able to determine who has accessed what at any given time will put you in the strongest defensive position.


Editorial contacts

Karel Rode
Computer Associates Africa
(011) 236 9111
Karel.rode@ca.com