According to a recent survey conducted by the FBI, damages attributed to online crime in the US last year amounted to $67.2 billion. The findings were based on a poll of 2 066 organisations, nearly 90% of which had experienced a computer security incident over the past 12 months.
In the absence of any local data on electronic crime, no one can say for sure what SA`s share of the global e-crime stakes is. One thing is certain however; both the cost of security and risk to business looks set to increase in 2006, as hacker attacks becoming more targeted and potentially damaging.
Is business better prepared today to deal with these escalating security threats?
Forrester Research maintains that CIOs are now better equipped to stay ahead of the security curve and the perimeter holes have been licked.
Niall Moynihan, Check Point Software Technologies country manager, Ireland and SA, concurs: "The primary focus has been to move from the outside-in and secure the internal network, but in 2005 this was only at the planning level. This year, however, the main challenge for security administrators will be to implement security policies capable of safeguarding the business at all levels.
"At the same time, companies will also have to address the ever-evolving virus and spyware threats, more connectivity in devices connecting to the corporate network, new technology being introduced like WiFi, wireless and VOIP," he adds.
While many companies may have fortified networks and closed perimeter holes, does this mean they are safer from external threats?
Not necessarily, according to Moynihan: "In many organisations, the network is controlling the administrators and it should be the other way around. Business has to implement the necessary security policies and controls that put their administrators back in charge of their networks."
He also sees communication devices used by employees as by far "the weakest link" in corporate networks this year. "Mobile phones, handhelds, notebooks and just about every other mobile device that comes onto the market today is so connectivity-ready that security is being bypassed - it`s not discussed, not even looked at."
The prevailing attitude is still connectivity first and security second, with security policies built around perimeters, according to Moynihan. "These need to be updated and, more importantly, they also have to be applied to internal security policies."
"In the past a firewall server was deemed an effective network defence. Today it is about having a multi-layer security infrastructure that protects everything - networks, servers and, most importantly, business applications and devices," he concludes.
Share