Cyber Security Institute

Tuesday, April 19, 2005

2005: The Year of Internal Security

Internal security attacks can happen either maliciously or inadvertently.  But regardless of what prompts an internal security breach, one thing is certain: internal security issues harm an organization from both a technical and a business perspective.

For too long now we’ve seen security threats have a negative impact on internal networks, and as a result, a harmful effect on employee and company productivity.  And for far too long, enterprises of all sizes have neglected to focus enough resources and energy on securing these valuable internal network resources.  And this year, the information technology industry will see this phenomenon further evolve as organizations begin to focus on securing their internal networks with the same vigor they have applied at the perimeter.

Internal security refers to a focused effort to secure resources on internal networks, or LANs.  These resources can include applications, data, servers, and endpoint devices.

Meta Group has observed that “only 10-20 percent of organizations with relatively mature security programs have managed to address internal security to a meaningful extent.”  Why is internal security finally becoming a priority?

First, there are business drivers prompting more focus on internal security.  Around the globe, companies are being forced to comply with regulations that ensure the privacy of customer data and the security of intellectual property that resides on internal networks.  These regulations drive an increased need for internal security.

Second, there is increased awareness about internal hacking.  Organizations can no longer take a “don’t look, don’t tell” approach.  Instead, many are now required to provide proof that they are continuously looking for internal hackers.  How large has the internal hacking threat become?  The CSI/FBI Computer Crime and Security Survey showed that 66 percent of organizations suffered an insider attack in 2003.

At the same time, the financial impact of worms and other new types of destructive threats has increased and become more visible in the industry.  The ability to protect against and contain worms is perhaps the No. 1 problem driving the investment in internal security solutions.  It is estimated, for example, that the Slammer worm alone resulted in more than $1 billion in damage.

Furthermore, as security vulnerabilities in software have become more proactively communicated by Microsoft (Nasdaq: MSFT) and other sources, the timeline from vulnerability to exploit is shrinking.  The need to patch announced security holes is ever-present, and patching simply takes too long.  So companies are searching for ways to protect their LAN resources during this period of susceptibility, until the holes can be filled with properly patched software.

Lastly, IT organizations have realized that endpoint devices, whether a personal computer, PDA or other device, must be as secure on LANs as they are when connecting from outside the perimeter (such as on a VPN connection).  Once these endpoints are secure internally as well as externally, they will no longer inadvertently introduce malicious code and other security threats.

Companies of all sizes are beginning to shift their attention to the topic of internal security.  They are starting to initiate change in how they protect resources on the LAN, and in turn, protect their employees’ productivity.

2005 is the year of internal security.

A combination of business and technology drivers is triggering this revolution, including worm outbreaks, privacy regulations, reduced windows of time to react and a multitude of new types of threats.  There are simple steps organizations can take to get started on protecting their internal network resources.  The organizations that make these moves will, in 2005, reap the benefits of having more secure and stable LANs, and in turn, a more productive workforce.


Posted on 04/19