Sean Dolan (Europe) - Next Generation Security for the New Generation of Cybercrime

Today, the threat of cyber attacks is nearing statistical certainty with every type and size of business at risk. According to a survey of French, German and U.K. IT and security professionals - conducted independently by Ponemon Institute and sponsored by Juniper Networks - 84 % of the businesses surveyed fell victim to at least one successful attack, costing about half of these businesses at least €250,000 each (Perceptions about Network Security, Ponemon Institute, June 2011).

The cybercrime landscape is markedly different from ten years ago, when hackers were widely perceived as computer geeks putting their skills to the test for fun. Today's attackers are organised, well-funded and malicious; over the past decade there has been a noticeable shift in hacker motivation, from notoriety to profitability.

If businesses are to protect themselves against this growing risk, they need to be cognisant of the different types of threats which come from internal or external sources, e.g. spam emails phishing for private information. Almost half of the Perceptions about Network Security survey respondents (45 %) say the attacks are coming from multiple sources, and 44 % say they are from employees and other insiders. This means conventional security methods will have to change. Organisations now need to re-evaluate how they think about security, from securing individual elements and network perimeters, to a much more holistic approach.

The answer isn't simply found in layer upon layer of firewalls and other security products; a truly secure infrastructure requires a shift in approach and mindset. Simplified network architectures and integrated, systemic, end-to-end security approaches, from mobile device security to the secured cloud, lead to a much greater level of protection for the entire IT system, including the internal network and the data centre.

In order to protect themselves, organisations should be implementing more aggressive, systematic security approaches that provide end-to-end, comprehensive protection at all points in the network:

• Understand the risk employees' mobile devices present. The trend towards using private devices to connect to the corporate network is a huge threat to businesses, as employees who are ignorant about their personal security settings are much more likely to fall victim to cybercrime and transfer malware onto the corporate network. According to Ponemon Institute's 2010 Annual Cost of a Data Breach study, 33 % of organisations report that a lost or stolen laptop computer or other mobile data-bearing device caused the data breach they experienced, and 40 % of respondents to the Perceptions about Network Security survey said personal smartphones are permitted to access the network.

• Create a comprehensive policy (including detailed guidelines) for all employees and contractors who use mobile devices in the workplace. The policy should address the risks associated with each device and the security procedures that should be followed. Guidelines can range from what types of data should not be stored on these devices to how to remotely lock and wipe a device. An ongoing communication and education process must be wrapped around the policy document for it to be effective.

• Improve ability to detect and prevent breaches through expertise and enabling technologies. Understanding the source of the breaches can help organisations strengthen their cyber security strategy, yet more than half of those surveyed (57 %) don't have this information for any of the attacks they have experienced. Organisations should address the insider threat through the creation of an enterprise-wide security policy that includes the responsibilities of employees to help protect network security.

• Complexity is recognised as a barrier to effective network security strategy. Reducing an organisation's vulnerability to attacks through the combination of enabling technologies and training programs can help prevent the pattern of multiple breaches; more than half of respondents in the study (55 %) say their organisation's network security has been successfully breached at least twice over the past 12 months alone. This implies that the majority of businesses simply are not learning from their mistakes, and continue to put themselves at risk. The average cost of a data breach for UK organisations in 2010 was £1.9 million, according to the Perceptions about Network Security study.

As technology develops and cybercrime becomes more sophisticated and lucrative, even financial institutions that invest vast amounts in protecting their assets are at risk. No matter what businesses do, hackers are going to try to find a way to breach their defences. With the threat of cyber attacks intensifying, not dissipating, businesses have to take an active stance in the fight against cybercrime - from simply updating their firewall and other security systems to encouraging employee behaviour changes.

Businesses have to be prepared to fight against attacks on their critical infrastructure and networks - there's not a single company that can afford to be complacent in its approach.

By Sean Dolan, VP (EMEA), Juniper Networks


