The type of security threats on our networks is escalating. While tools exist to detect security leaks, they have no chance against skilled professionals with a reason to take something from your network. Knowing where you stand in terms of network security is no longer an option, but a necessity. The numbers associated with network security will shock you.

Studies show more security threats come from outside an organization, but an increasing concern relating to several types of internal threats persists. CSO Magazine’s E-Crime Watch Survey found that overconfidence is pervasive amongst security professionals and organizations in thinking they have things handled. This kind of thinking is concerning given the recent rise in targeted, financially motivated attacks.

• May 2009 – Heartland Payment Systems reported a security breach that cost the company about $12.6 million, including legal costs and fines from MasterCard and Visa, which directly contributed to a $2.5 million loss for the affected quarter
• December 23, 2008 – RBS Worldpay, a subsidiary of Citizens Financial Group Inc., said a breach of its payment systems may have affected more than 1.5 million people
• March 2008 – Hannaford Brothers Co. disclosed that a breach of its payment systems, also aided by malicious software, compromised at least 4.2 million credit and debit card accounts

Social Engineering and Password Crackers

The E-Crime Watch Survey revealed that the use of social engineering techniques jumped to the number one method of committing e-crimes. This includes manipulation of a person or persons who can permit or facilitate access to a system or data.

Another change revealed that organizations with insiders using sophisticated technologies like password crackers or sniffers jumped from 17 percent to 31 percent. The evidence shows that while 57 percent of participants said they are increasingly concerned about the potential effects, a large number have trimmed IT spending by 5 percent and corporate security by 15 percent.

How You Can Protect Your Business

With the average cost of a security breach estimated at $6.6 million (ranging from $613,000 to $32 million), it pays to have a baseline of the environment, utilize IT security policies and stay up-to-date on trends. Focus on areas that pose the highest threat to your environment.

A recent article by CompTIA (Computing Technology Industry Association) says, “To address evolving threats, support mechanisms such as disaster recovery plans, dedicated security teams, security trainings and formal policies for responding to incidents have been adopted by many firms. These are supplemented by preventive technologies, such as firewalls and antivirus software used in combination. A growing number of U.S. firms are using other technologies, including intrusion detection systems, physical access control and multi-factor authentication.”

CompTIA’s survey of 1,000 IT professionals revealed their top security threats.  Which of these threats are relevant to your organization? What initiatives are you planning to address network security?