“Our research indicates that the majority of organizations tend to think about security solely in terms of technological solutions and not procedure,” says Joe Greene, vice president of IDC Canada.
That’s perhaps a common enough refrain that enterprise network managers can say they’ve heard it all before. The problem is that, for all its repetition, the message doesn’t always seem to get through, and Greene says that’s probably because you can see and touch the results of capital expenditures. But things you can’t buy, like solid procedures, processes and good sense, are ultimately intangible.
“There’s got to be someone’s time involved, and in realistic terms that costs money,” Greene says. “But you see organizations that invest in an anti-virus solution and think ‘okay, we’re fine now.’ The investment itself won’t go very far unless you follow it up, not so much with further investments in products and solutions, but with procedures.”
Indeed, maintaining a safe network is as much a question of using existing assets as of acquiring new ones. And ensure you have the proper controls in place to make sure things are happening.”
Spyware and adware would not be so much of a problem if users could be made aware of the perils of clicking through the link on that tempting phishing message or downloading allegedly “free” software that, in fact, installs a battery of resource-hogging nasties on company systems.
For the IT department, eternal vigilance is the price of network security. Some of these things are no-brainers, particularly when it comes to defending against malicious network-borne code like viruses and worms.
On the other hand, it’s easy to slip into a complacent, false sense of security when there haven’t been any recent headline-grabbing worm and virus scares like Blaster and Slammer. However, the risks are so great and the costs so low that Greene says it’s important to institute processes that keep IT staff and the enterprise as a whole in a state of readiness.
“It requires constant vigilance to make sure that employees are aware of the dangers, and to be prepared to deal with problems as soon as they emerge,” he says. There are fewer no-brainers, but Greene says that the same vigilant mindset can go a long way to prevent the worst excesses of the on-line criminal element.
At the end of the day, the best security is a product of the kind of thing that money can’t buy: attention to detail, a willingness to keep systems maintained and a mindset that hopes for the best by preparing for the worst. It’s just common sense, Greene says, but the problem with that is that common sense isn’t always that common.
http://www.networkingpipeline.com/164300859