The only way in which companies can effectively secure their networks and data from external hacker, cracker and spam attacks is to adopt an integrated approach to security.
That`s according to Patrick Evans, managing director of Symantec, who told delegates at a recent Comztek/Symantec security event that most Internet attacks are no longer the benign and mischievous work of amateur hackers but rather malicious attacks by professional crackers bent on financial gain.
Comztek works with Symantec to educate resellers about security, and provide them with world-leading Internet security technology.
"The problem is that the majority of corporate security solutions today consist of several security products - from firewalls and anti-virus software, intrusion detection software, content filtering and vulnerability management systems - all acting independently.
"Each of these products has to be purchased, installed, deployed, managed and updated separately - opening the way for threats to slip through inadvertent cracks that occur because of the labour-intensive nature of this type of security management," he said.
Security is further compromised when companies use security products from different vendors as interoperability problems can occur. And when an outbreak does occur, having to install and test different vendor `fixes` can leave networks vulnerable for unacceptably long periods.
Evans maintained that companies need to urgently move towards the concept of an integrated security infrastructure that creates an environment of automated readiness.
He pointed out that Internet threats today are becoming increasingly sophisticated, and go way beyond traditional threats such as viruses and worms and even spam which, while not dangerous or threatening to data in the same way as are viruses or identity theft mechanism, can clog networks and result in the degradation of performance. Spam, of course, can also be infected with more sinister programs like worms.
"Today, identity theft - resulting from spyware, adware or phishing - is the major threat to corporate security. This is not merely a US and European phenomenon: South Africans are also being targeted, which is why it is so critical that we act today. The reality is that the Internet has created a global village of which we`ve all become citizens."
Phishing is particularly prevalent in SA and basically works, as the name hints, on a bait and catch scenario.
"In a nutshell, users are lured via e-mails to view the latest pictures on, for example, the recent London bomb blasts, by clicking on a Web link," said Evans.
"Perpetrators can then take control of your PC and ultimately your identity - and once an individual`s identity is known, it`s a short step from there to confidential corporate data. The most effective way to deal with this kind of threat is to adopt an integrated approach to ensure there are no cracks in the corporate network`s security system."
Share
Editorial contacts