From a security point of view, many organisations have ‘upped their game’ by deploying more sophisticated tools for preventing attacks and reducing their potential impact. They have recognised the need to adopt a strong security stance and appear confident in the processes they have in place.
Technology vendors are also more focussed on addressing vulnerabilities in their own products and are working hard to close the gaps in the fences. However, at the same time, cyber criminals are becoming more sophisticated in their methods and more adept at avoiding detection.
They change their tactics and tools constantly, disappearing from a network before they can be stopped, or quickly choosing a different method to gain entry. They devise spam campaigns using hundreds of IP addresses in an attempt to bypass IP-based anti-spam reputation products.
They design malware that relies on tools that users trust, or view as benign, to persistently infect and hide in plain sight on their machines. They find new vulnerabilities to exploit if vendors shut down weaknesses in other products, and they work at establishing a hidden presence or blending in with the targeted organisation, sometimes taking weeks or months to establish a foothold.
According to Cisco’s annual security report, IT security professionals seem more optimistic about their ability to detect or prevent an attack, though this isn’t reflected by a decrease in data breach notifications. Cyber criminals continue to steal data, extort money from unsuspecting consumers and disrupt networks for political gain.
Security is a numbers game. Even if 99.99% of spam is blocked, we are dealing with millions of messages. Some will, inevitably, get through. When these attacks get through to individual users, it is the users themselves who become the vulnerable point in the network. Since organisations have become more adept at preventing network data breaches, malware and spam, attacks may instead exploit users through tactics such as sending them a fake request for a password reset.
When the users themselves become the weak link in the security chain, organisations have to make some tough decisions about security products and policies. When appealing to users’ demands for fewer barriers to productivity and more intuitive applications (like the ones they experience in the consumer world), are organisations creating an environment of risk?
Counter-intuitively, some organisations may choose to bypass users, assuming that they cannot be either taught or trusted, and implement stricter security controls that impact on the user experience. Technology rarely empowers users to take charge of security as active participants. Instead, it forces them to work around security tools that get in the way of their workday, exposing the organisation to greater risk.
Given what is at stake, security needs to be taken seriously. If you are in any way unsure about your network security, why not contact us on 0333 800 8811 or email email@example.com