Recently, we released results from the 2013 AT&T Business Continuity and Disaster Recovery report showing that the fear of potential security breaches and natural disasters weighs heavily on IT executives nationwide.
Security breaches are the top concern for more than 63 of the executives surveyed, with the growing rate of BYOD making cyber security threats even more relevant. The study revealed that 84 percent of executives are concerned about the security impact of mobile networks and devices. Fortunately, the majority of these executives also recognize the increasing importance of having a proactive security strategy and report having one in place. So the question is whether these plans address the most immediate and likely cyber security threats to their organizations?
Global security threats and trends
Security threats are constantly evolving and businesses need to be vigilant in keeping security strategies appropriately focused on the emerging threat landscape. The threats are growing in sophistication and size including complex botnets used for system control, recruiting, and large scale Distributed Denial of Service (DDoS) attacks. We’re also seeing an increase in targeted attacks such as spear phishing and Advanced Persistent Threats (APTs). Today, cybercrime is made easy with growing communities of hackers for hire and the wide availability of Do-It-Yourself (DIY) attack kits.
What is your risk profile?
Half the battle of defending against any cyber threat is understanding what makes your organization an attractive target to begin with. This includes a thorough evaluation of threats, vulnerabilities, and gaps between existing security strategies and best practices. A comprehensive risk profile provides visibility into critical risks and potential breach points by identifying and analyzing the effectiveness of security controls. Businesses can also use this information to evaluate their incident response capabilities and prepare their organization for real world attack scenarios.
One way that businesses can gain an advantage is with network-based security or security in the cloud. With proper deployment, these virtualized technologies can arm your business with 24×7 situational awareness of your network with near real-time analysis of security indicators. Network-based security can monitor your Internet and intranet traffic for malicious activity and unauthorized access. You can even gain visibility into potential botnet and malware interactions on your network.
AT&T offers a free resource called “Bot or Not” which allows individuals to test whether their machine is currently participating in a botnet and offers instructions for removing a bot if detected.
What other suggestions do you have for protecting businesses from current and emerging threats?