The 2012 meeting of The World Economic Forum raised the concern of how threats to our economic prosperity have shifted alarmingly from the physical to the virtual world. The exponential growth of our reliance on the internet shows how more and more of our organisational capability is at risk from threats originating from the virtual, rather than physical world.
In the last year, organisations have reported a 40% year on year increase in system security breaches from 3rd party entities intent on committing fraud and theft. These intrusions are going un-detected by our traditional IT virus control efforts as the threats become very sophisticated and organisations embrace an outsourced IT approach. Changing suppliers and general patching of servers over time create vulnerabilities that can be exploited. The intrusions often lay purposely dormant within a server or system for many months to avoid detection before striking. The threat is real and is growing substantially and result in more than embarrassing headlines and damaged reputations.
A key asset and lifeblood of any organisation is the information that flows through it. The security and timely availability of the data that makes up information that leaders and managers use to make key decisions is critical to the on-going ability to perform. System security breaches result in the theft of critical information such as:-
- Human Resource details such as National Insurance and Bank Account details
- Passwords and Swipe Access Card records that can result in physical breaches
- Sensitive Customer information like Payment Card Details and Banking Data
- Intellectual Property such as product designs and Patent applications
- Sensitive Business data such as Financial Accounts Business Plans and even Floor Plans
Most attacks are financially motivated and arrive in the form of a Phishing attempt, which means a member of staff will receive an authoritative and genuine looking email that upon opening downloads a file that begins a process of digging into the system. This file contains code that is often invisible to the IT administrator that sends messages out through holes it has created or detected in the company firewall, some are very simple and others are complex that can result in data being scraped or copied and parcelled up and sent out of the company. In more extreme cases, fake user profiles have been setup and used to process orders through the organisation’s existing operational procedures. Results of this type of fraud have seen large volumes of low value financial transactions being authorised for payment into external accounts that are closed upon receipt of the funds.
These damaging intrusions can be avoided but only by taking the appropriate action now to understand if your organisation is vulnerable and if it is by fixing them.
- By Dave Lloyd on June 27, 2013
Social media, the Internet and staff misuse. Using social media and the internet effectively and appropriately can bring huge business benefits to small to medium enterprises – these benefits can include improved communications with customers, clients, and suppliers, almost immediate access to data and information, and via social media,...
The World Economic Forum reported in 2012 that instances of hacking have increased by 40% year on year and is fast becoming the main type of crime against businesses. Rogue parties can enter your business infrastructure and steal your critical data records without anyone in your organisation knowing , often until it is too late.
Managed Vulnerability Deployment
Networking devices and operating systems (the backbone of the IT infrastructure) are common targets for attackers looking for mis-configurations and vulnerabilities as entry points into an organization. It is necessary to identify vulnerabilities and mis-configurations quickly and effectively across all attack vectors in the network. By validating their susceptibility to known exploits, malware kits and other contextual factors to calculate a risk score, organizations can develop appropriate remediation plans that are both cost effective and efficient in securing their IT infrastructure.
From ‘smart phones’ to ‘personal computers’, we live and work in a digital world where such electronic media components play an integral role in our day-to-day activities. As the use of digital equipment continues to grow, crimes involving computers such as Fraud and their use as means of communication are becoming increasingly widespread.As computers become a standard part of our lives, the information held within IT hardware and software has become critical from an evidential perspective.