How Secure is Secure?

Rami CourtemancheIndustry

The importance of IT and Network Security in an era of ever-impending breaches

Let’s face it, IT and network security is nothing new—we’ve been hearing about it since before the internet was even available to the general public. But in this day and age, the threats to network security are becoming more and more prevalent, and, therefore, more and more detrimental.

Let’s not forget that it was just a few months ago when hackers took advantage of internet-enabled devices—from thermostats, to lightbulbs, to children’s toys—and used them to launch an attack that shut down the IT systems of some of the largest companies in the world.

How did they do this? Simply put, they leveraged and exploited devices with no security to attack those devices that do have security. And, unfortunately, as the Internet of Things, or IoT, becomes more of a reality, this is probably not the last time that we’ll see this.

So, in an era of uncertainty, what is to be done?

First, due diligence is at the top of the list. Considering the threats organizations face today when migrating applications and data to the cloud, such as cloud malware, data breaches, account hijacking and malicious insiders, it’s critical that they move towards a highly secure environment.

To complicate the situation, in the cloud you can’t use traditional network security tools since you may not have access to the cloud provider’s network. You need security that’s built for the cloud, but won’t complicate your life as an IT organization, and won’t impact agility. Thus, choosing a security partner who understands the cloud is critical.

Second, be prepared for an attack—after all, it’s not a matter of if, but when. And I don’t mean the thousands of attacks that networks get hot about every day—I mean the kind I mentioned at the beginning: calculated mass-attacks that are designed not only to hurt your organization, but also many other organizations. If you do get attacked, you must get a handle on it as soon as possible to limit its impact on your organization and on all the customers you serve.

And, finally, make security a part of everyone’s daily routine—not just IT and networking—but everyone. After all, your employees are potentially the biggest attack vector, and one that attackers may use to compromise your organization. Malicious code can be introduced by way of links in emails, website pages, and end-points such as phones, MP3 players, and USB keys. A CIO once told me that they would rather have someone walk into their datacenter with a hand grenade than a USB key—the grenade would do less damage, a situation most people would not have considered.

You can have all the best IT security in the world, but at the end of the day, you are only as strong as your weakest link. Thus, educating people on the importance of not letting their guard down will help keep your infrastructure secure—and enable your business to work without fear and to ensure your business remains as usual.