Endpoint Security Strategies for SMBs
SMBs have specific requirements when it comes to IT security in general and endpoint security in particular: they need comprehensive policies and high-end technology, scaled down to their size and offered at a fair price. They don’t need cheap and unreliable solutions; they need the best there is, adjusted to their size.
If you’d like to know more about what the IT security market has to offer, what challenges arise from the current business environment, which real threats SMBs face, how to properly assess the costs of a security breach, and how easy it is to lose data or have it stolen, read the latest white paper published by CoSoSys, Easy Guide to Comprehensive IT Security Strategies for SMBs - High-End Endpoint Security, Data Loss Prevention and Portable Device Management at a Reduced Scale.
Insider Attacks Double in the First Half of 2008
Security attacks caused by insiders have doubled in the last year, according to the latest report released by the Identity Theft Resource Center (ITRC). The Center found that almost 16 percent of breaches reported so far in 2008 were insider-born, up from 6 percent in 2007. By contrast, 11.7 percent of the attacks came from individuals outside the company, down from 14.1 percent in 2007.
According to Dark Reading, the ITRC’s data is consistent with other reports on insider incidents showing an increase of such attacks. Additionally, many experts believe that disclosure of all incidents is also on the rise, mostly due to the legal requirements put in place by many states over the last year.
Data stolen from laptops, thumb drives, and PDAs accounted for 20.2 percent of this year’s breaches so far, followed by accidental exposure by the organization (15.2 percent), and loss or theft by a subcontractor (13.5 percent).
HMRC Breach Caused By Poor Security
A formal inquiry into the now notorious security breach reported last October at HM Revenue & Customs (HMRC) has recently been published. The breach exposed 25 million personal records and has been found to be caused by “major institutional deficiencies”, reports SearchSecurity UK.
The inquiry extensively details the operational procedures implemented at HMRC before the data breach. It also describes the circumstances that led to the loss of two CDs holding personal and financial information on Child Benefit recipients.
The inquiry, led by Kieran Poynter of management consultants PricewaterhouseCoopers (PwC), concluded that “information security simply wasn’t a management priority as it should have been, and HMRC had an organizational design which was unnecessarily complex and crucially, did not clearly focus on management accountability.”
The report of the investigation provides a detailed blow-by-blow account of events leading up to the data loss, with extracts of emails showing who said what to whom. However, since the blame for the breach is attributed to cultural and organizational weaknesses, the staff members involved are given anonymity, and referred to only as employee A, B, C and so on.
Researchers Call for Measurable Security Objectives
The next big step in security policies should focus heavily on ways to quantify completed and ongoing security objectives, says Pete Lindstrom, senior analyst at the Midvale, Utah-based research firm. The purpose of this move would be both to justify spending and to highlight the value yielded by ongoing projects.
This message was presented during the Burton Group Catalyst Conference ‘08 and, as SearchSecurity.com noted, Lindstrom is sketching a new model to help security experts measure and articulate security program successes and failures to senior management.
“We need to get objective and quantitative in our environments in order to better manage our programs,” Lindstrom said. “We have to collect ourselves together as a profession and define what it means to meet our security objectives.”
