14 September 2011

Time to get a grip on security

Time to get a grip on security

Admittedly, the anti-virus industry could hardly be described as guiltless when it comes to scaremongering. However, the revelation that there have been 365 data loss incidents globally since the start of this year, involving no fewer than 126,727,474 records, is worrying.

IT security specialist SecurEnvoy is the source of that factoid, and its co-founder Steve Watts also points to a study by analyst Juniper, which suggests that a staggering 90% of organisations have suffered data breaches over the last 12 months.

Watts notes that most of the information stolen is personal, and usually not the result of individuals' inadequate online protection, but the fact that trusted companies have been breached. His point: following security guidelines won't work, because the horse bolts from a different stable.

That said, for manufacturers there are related but potentially more sinister risks – which are plainly on the rise. Imperva's latest hacker intelligence initiative report, for example, reveals that cyber criminals are now using search engines to facilitate thousands of attacks, without detection.

Imperva CTO Amichai Shulman explains that they are using browsers and 'Dork' search queries to identify attack targets and automatically build pictures of exploitable server resources. As these searches are conducted using botnets – controlled groups of compromised computers – and not the hacker's IP address, the attacker's identity remains concealed, he says.

"While attackers are mapping out these targets, it is essential that organisations prepare against exploits tailored against these vulnerabilities," he advises. "This can be done by deploying runtime application layer security controls." For him, relevant protection includes: a web application firewall to detect and block attempts at exploiting application vulnerabilities; and reputation-based controls to block attacks from malicious sources.


That's fine for the outside world, but as Jeff Hudson, CEO of encryption key software firm Venafi, indicates, the problem for many is that malware and intruders are already operating undetected from inside organisations – making espionage a clear risk.

Anyone who doesn't believe that is, he says, "in denial". So, for him, we also need to: encrypt all data flowing between IT resources, as well as stored data; and enforce authentication, encryption key access control and audit logging for both local and remote access.

And given that 42% of IT staff can gain unauthorised access to their organisations' most sensitive information, according to a survey by security management firm Lieberman Software, the importance of this kind of protection cannot be overstated.

Brian Tinham, technical editor, Works Management

Supporting Information

This material is protected by Findlay Media copyright
See Terms and Conditions.
One-off usage is permitted but bulk copying is not.
For multiple copies contact the sales team.

Do you have any comments about this article?

Add your comments

Name

 
Email

 
Comments
 

Your comments/feedback may be edited prior to publishing. Not all entries will be published.
Please view our Terms and Conditions before leaving a comment.

Related Articles

ODVA machinery SIG

Open, interoperable automation technologies pressure group ODVA is forming a ...

Hype and jargon

More than four fifths (84%) of IT decision makers in manufacturing industry say ...

Cybersecurity survey

A global cyber security of more than 1,500 professionals has revealed that more ...

Getting IT right

Back to basics, but with your eyes wide open is a good starting point for any ...

Network practice

There’s much more to securing and provisioning your business and plant networks ...

Wireless world

Going wireless isn’t just about business communications. Brian Tinham discovers ...

Related Articles

Bakehouse: Delicious and determined

Bakehouse have gone from start-up to market leaders in 15 years. They are now ...

Sevcon

Customers and Shareholders Benefit as Global Manufacturer Deploys Management ...

Six Steps for: Discrete Manufacturers

Columbus IT has worked with many Discrete Manufacturing organisations enabling ...