Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Mobility, data harvesting are the biggest threats to security

IT managers should move into a position of understanding the natural state of their IT environment

Article comments

Threat analysis, data harvesting, mobility and the commoditisation of IT security products have been cited by analyst firm IDC as the biggest threats to Australian security in 2012.

Speaking at the recent NetIQ Rethinking Security conference in Sydney, IDC Asia-Pacific associate vice president Simon Piff told delegates that, according to a recent IDC APAC research report entitled ICT Top 10 Security Predictions, mobility and BYOD had increased the complexity of security this year.

Mobility

The enterprise adoption of consumer devices such as the iPad by C-level executives was making things harder for IT managers, according to Piff.

This was because CEOs wanted tablets so they could read their emails. In some cases, IT managers were asked to make their CEOs exempt from the organisation's security rules so they could access their email anywhere.

"Embedded in the `I want an iPad with email' discussion is the unspoken but implicitly expected security," he said.

"You cannot be secure and connected at the same time- it doesn't happen."

Piff added that the minute executives were allowed to have smartphones and tablets on the network, the IT manager needed to accept that there would be a level of insecurity in the organisation.

Commoditisation of IT security features

According to IDC APAC predictions, the commoditisation of security features such as firewalls was leading people to assume that if it was being delivered by the IT department then this made it secure.

"These days people think they have a firewall because they've got some [security] software on their laptop," he said.

"Some people no longer think about security because they make assumptions that they are protected."

However, according to Piff, there were really only two types of organisations in the world - the company that already knows it has been hacked and the other type which does not know it has been hacked.

Piff's advice to IT managers is they should move into a position of understanding the natural state of their IT environment so they could see when things started to appear abnormal on the network.

The need to secure the human

According to Piff, the human factor was essential when creating IT security policies.

For example, he suggested that people don't use cloud-based storage offerings such as Dropbox to store corporate data.

"Dropbox might be secure but which country is it located and under which legislation?"

"If I want to be a cybercriminal, the easiest thing I could do is create storage in the cloud solution that is marked as secure and you're going to give me all the data anyway."

Piff added that the motivation of cybercriminals had changed from simply hacking sites to making money out of business critical data.

"Criminals used to rob banks by breaking and entering but now they don't have to," he said.

"The likelihood of getting caught online is lower because of the use of Web proxies and the payoff is much greater than physically robbing a bank."

Data harvesting

According to the IDC predictions, data harvesting was still more likely to come from malicious employees. For example, organisations needed to watch out for rogue employees who had just been fired and -- while they still had access to a PC -- may be downloading information on to a USB stick and then running off to a rival company to try and get a new job.

Data loss was also occurring due to "sheer stupidity" by employees. For example, Piff cited the case of a former MI5 boss Stella Rimington who lost a laptop containing sensitive information on MI5 employees.


Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *