7 Security Threats Circling Your Network4:00 PM EST Thu. Jun. 28, 2012
Which network security threats are top-of-mind for your customers these days? A recent survey of more than 3,700 IT professionals shows there are several of them.
The Information Systems Audit and Control Association (ISACA), an international provider of industry information and certifications, has issued the results of a recent survey of the global security landscape, including perceptions of the most dangerous network security threats.
In the past year, 22 percent of enterprises have experienced a security breach and 21 percent have faced mobile device security issues, according to survey.
Here's a look at what respondents said are the most likely network security challenges they'll face over the next year, including how partners might be able to get in on the action.
Ah yes. Good old fashioned external hacking seems almost quaint given the rapid extension of modern threats and attack vectors. But given the emphasis on these recent developments, it can be easy to take your eye off the ball regarding garden-variety hackers. Five percent of surveyed IT professionals said external hacking is the most likely threat facing their network security over the next 12 months.
For the most part, the strategy here is about keeping security suites properly configured and up-to-date. Not very exciting, we know. But it’s still something that requires your ongoing attention in the never-ending quest to keep your customer’s information safe.
We’ve all heard the stories about people who had installed attacks to occur when their name disappears from payroll, or some other attack on their employers in an illegal, or at least unethical, expression of “Take this job and shove it.” This is the domain of the disgruntled employee -- not to be confused with the accidental exposures committed by happy, “gruntled” employees otherwise in good standing. While such acts of malfeasance are relatively rare, it is important that channel partners identify potential symptoms and guide their clients toward policies that will help to prevent them before they occur. Five percent of surveyed IT professionals said disgruntled employees represented the most likely threat facing their network security over the next 12 months.
Cyber-attacks happen every day, although only the most high-profile ones tend to make the news. The most recent types of cyber-attacks are even purpose-built by national governments for a variety of purposes, such as espionage and sabotage. And some of the more famous ones, such as Stuxnet and Flame, are highly modular. That means some of the nastiest features can be lifted out of the military-grade bugs and dropped into existing malware platforms to make the more common types of attacks even nastier. That also means that as you read this, some malware author is probably using those modules to create an uber-bug that can put him on the map. Seven percent of surveyed IT professionals said cyber attacks represented the most likely threat facing their network security over the next 12 months.
Effective security for the cloud is a huge topic in today’s IT discourse, which means it's not surprising that eleven percent of surveyed IT professionals said cloud computing represents the most likely threat facing their network security over the next 12 months.
Nearly every vendor has a strategy for how cloud security can be maximized, and (surprise!) that vendor’s products happen to be the focal point of truth and justice. This means that the channel is looking at a huge opportunity in helping customers to navigate these offerings and the related purchasing decisions. But that level of assistance implies that the partners have a very strong knowledge of the various risks and responses. Some channel companies are doing a better job of that than others, according to many industry insiders. And since one of the key concerns about the cloud is that channel partners can become interchangeable parts, developing this expertise can be a key differentiator.
“Hey, I got this new tablet and I’m going to use it on the network.” We’re not really sure how often these words are actually spoken, because a lot of times the devices simply show up without permission. But “bring-your-own-device,” also known as the “Consumerization of IT” has opened up a Wild West of new threat vectors. It's a fear that is quickly creeping up on IT departments, as 13 percent of surveyed IT professionals said BYOD represented the most likely threat facing their network security over the next 12 months.The focus for the channel is mostly around detecting devices, maintaining security and figuring out exactly what those devices might be up to. This is an especially tall order when you consider the fact that personal devices are, well, personal. And, that means gaining access to them and managing them can be a lot more difficult, especially when employees are less than thrilled about the idea.
Forget about the proverbial “inside job.” The second biggest concern, cited by 16 percent of respondents, is accidental exposures by employees, as opposed to the intentional, inside job variety. These could include acts such as parking data on insecure storage sites, malware accidentally delivered by USB devices, loss of computers, phones or USB devices, and also social engineering attacks in which victims are tricked into revealing sensitive information. The solution is based on more than just solid security technologies. It also involves no small measure of employee education on specific risks and how to avoid them. Look for channel partners to become more involved in this aspect of security as time goes on.
Loss of data leads the league when it comes to IT security care-abouts, with 17 percent of survey respondents naming it as the most likely single threat facing network security in the next 12 months. And as various exploits target the seams of security coverage at the same time that the malware bugs are becoming more insidious, who can blame them? The data on the network represents a substantial percentage of company value, and various compliance standards such as HIPAA and PCI have stringent requirements that can make data loss an even more unpleasant experience than ever before. Thus, the topic is moving beyond its previous status as a technology level discussion, and it is becoming more of a business level discussion as C-Level executives of all types increasingly recognize the inherent risks.
Of course none of these threats exist in a vacuum, and the reality is than any number of them could hitting your customers' networks at any given time. When you consider the fact that success with information security is truly dependent upon one’s ability to approach the full range of threats, it's little wonder 19 percent of survey respondents named "all of the above" as the biggest threat facing network security over the next year. After all, when catastrophe strikes, customers are rarely mollified by a recitation of the attacks that did not succeed. By that point, one of them did. So the discussion turns toward what to do next. As a channel partner, you are expected to have that solution pretty much in lock-and-load. Being fully prepared can actually help to maintain your customer relationship. Note that eight percent of survey respondents actually said that none of these categories represent the biggest threat out there, so if you've got a jump start on what else might be lurking out there, your customers will surely thank you.