IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
DDoS
#
ICT
#
Solar power

IT pros advised 'lock the front door'

Thu, 2nd May 2013
FYI, this story is more than a year old
By Staff Writer

IT security can overwhelm even the most seasoned security expert when headline-grabbing threats like 'Spamhaus DDoS' are brought to the forefront by media.

That is the view of IT management software firm SolarWinds, who have outlined six security threats that many IT professionals never think they'll face - until they do of course.

"In the pursuit of defending against the latest and most sophisticated attacks, we find many IT professionals doing so at the expense of fundamental security controls," says Javvad Malik, senior analyst, 451 Research.

"IT security is not always about over-complicated issues or threats, but doing the basic steps to ensure you have a secure foundation in place."

So, what should IT professionals look out for?

1. Targeted espionage

While security experts may know better, many IT pros might think: "My organizsation is not a high-value target. What do we have that anyone would want?"

In reality, the answer is more than they would guess.

Sensitive and personal information like credit card and social security numbers, patient records, to name a few.

Plus, with direct access to the breached network, they could do damage to other organisation's networks.

2. Unintentional or accidental loss of that data

Aside from organisations placing a great deal of trust in their employees and believing that their policies are adequate, what might take IT pros by surprise is simple employee ignorance.

Due to the proliferation of personal mobile devices, employees are taking their work home with them more often.

This has made it extremely difficult to keep track of who and what is connecting to the network, resulting in less control and increased security risks.

3. Denial of Service Attacks (DoS)

DoS and DDoS attacks are among the inventive hacking practices on the rise that could bring down business critical services, inhibiting user access and business continuity.

IT pros may get caught off guard with this type of attack since, in many cases, it's the result of someone out to wreak some havoc.

4. Understaffed IT team

As organisations grow and bandwidth for time and resources are taxed, it's easy for over-extended IT pros to overlook existing rules and inadvertently open security holes simply by not knowing the full impact of their changes, or for under-experienced IT pros to not know what to monitor and what tools to use.

5. Phishing attempts

Culprits masquerading as a trustworthy entity attempt to acquire usernames, passwords, credit card details, and account information to gain access to a system through email or via instant messaging.

Organisations which are most affected believe that their controls are good enough, relying on junk mail as a catch-all or their users to know when and when not to open suspicious email.

6. Malware exploiting common vulnerabilities in Java and Flash runtimes

For many, if not most, companies, third-party applications like Java and Flash are critical infrastructures required to use a large number of business applications.

Organisations are prime targets for infestations when IT pros assume that the most recent application version is security-proof, they are not up-to-date on their patches, or when they don't have full account of all the applications installed by end users.

But before you booby-trap the perimeter, lock the front door

According to SolarWinds, it's easy to get caught up in preventing what-if scenarios, but it's most important to remember Security 101 - the basics of what every IT pro should consider when securing their network, including:

* Define and establish security policies and rules

*Document your network, policies and access

*Continuously track and monitor activity and behavior with real-time alerts and reporting

*Automate with software tools where you can

*Have an incident response plan including when to notify corporate legal, PR and customers/clients

* Regroup after an incident to ensure appropriate actions have been taken to mitigate risk in the future

*Use operational management tools to gain insight into suspicious behaviour

Is your company taking the correct security precautions? Tell us your methods below

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Radware reports web DDoS attack activity
Hackers hit Paris Olympics venues & museums with ransomware
Amazon hits 100% renewable energy target seven years early
How to neutralise a web DDoS tsunami attack
Surge in cybercrime on Telegram highlights security concerns
Top stories
Industrial blockchain revolutionising transparency & security
Juniper Networks unveils AI-powered Wi-Fi 7 technology updates
Oracle unveils Java 23 with features to boost developer output
Vultr partners with HEAVY.AI to boost GPU-accelerated analytics
Percona launches Everest, a cloud-native open-source DBaaS platform