Guest Post: Keeping Pace with the Changing Face of Security
by Brian Morkert, Information Security Advisor

NOTE: In an effort to bring valuable high tech related content to the community-at-large, I’ll occasionally feature advice and thoughts from industry leaders in our region. Brian Morkert, president and founder of Audit West IT Risk & Compliance Advisory Services, has graciously agreed to address the critical topic of securing your strategic assets. Morkert will co-present “Information Security in Today’s Business Environment” with Michael Hamilton, City of Seattle’s Chief Information Security Officer, on March 21, 2013 at Poulsbo City Hall, 5:30p - 7:30p.

—Doña Keating

—————————-

Keeping Pace with the Changing Face of Security

With internal and external threats growing exponentially, protecting your information assets, operational performance and reputation is critical.

The information security world has a deluge of threats coming from every direction – from malware exploiting a Java vulnerability that exposed several million computers around the globe to state-sponsored attacks, like the recent linking of the Chinese Government to an enterprise-scale cyber espionage campaign spanning multiple years.

The seriousness of the cyber risks we face is profound. So much so that President Obama recently signed an executive order aimed at protecting the computer networks that support elements of the country’s critical infrastructure such as banks, power companies, and water treatment facilities.

In a world where malicious attacks have grown extremely sophisticated, it’s difficult to fully comprehend the scope, impact, and ramifications of a security breach.

Trends Making Security More Complex

  • The shift from traditional client-server applications to web-based applications
  • The shift in IT infrastructure from a dedicated data center to a cloud-based infrastructure
  • BYOD (“Bring Your Own Device”, where employee-owned devices such as smartphones or iPads are used for business)
  • Increased external threats (spam and malware)
  • The increasing complexity of threats (examples: Distributed Denial of Service attacks and state-sponsored Advanced Persistent Threat style attacks)
  • The change in the bad guys (from hackers to espionage and political motivation)
  • Increasing insider threats

Security demands are changing based on the types of threats and those driving the threats. Employee behavior, business priorities, and infrastructure demands are also expanding these threat vectors.

Be Proactive

While information security professionals are diligently working to keep pace with threats, ultimately everyone plays a role. Organizations must take responsibility for the security of their information assets and the security of their customer, client, or patient data. The proper tools and procedures are essential in maintaining a healthy level of security. Proactively addressing evolving security trends like BYOD and cloud security, as well as heightening threat detection and mitigation activities, can improve security. Management must take ownership and budget must be set aside to fund security initiatives.

The problem doesn’t stop there, however; personal technology users are at risk as well. I can’t tell you how many people I’ve talked to who say, “There’s nothing on my computer worth stealing.” Well, guess again. If you’ve ever used your computer to do online banking or pay a credit card bill, there’s something worth stealing. And even if you haven’t conducted financial transactions, if your personal computer is compromised, chances are it will become part of a massive network of similarly compromised computers (called a botnet) to be used as a massive processing platform to conduct cyber-attacks against other companies.

Hackers will rarely attack a target system directly. They will often use many hosts in between them and the target to hide their tracks. And don’t think you’re safe because you only visit reputable sites such as CNN, MSNBC, Fox News, etc. These sites can be and have been compromised.

Diligence is critical. Keep your anti-virus software current, conduct regular virus scans, use a firewall for your business and home networks, keep your operating system and applications up to date with patches, use strong passwords and change them regularly, learn to recognize email phishing scams, and educate your users about security risks. These actions will go a long way toward improving the security of your home or company network.

—————-

Brian Morkert is president of Audit West IT Risk & Compliance Advisory Services. He advises companies on information security and risk management issues. Morkert holds numerous certifications including computer forensics and regularly trains organizations on incident response.

Audit West performs penetration tests and audits for multinational and Fortune 50 firms, utilities, universities, healthcare organizations and hundreds of regional and community banks and credit unions.

Morkert will be a featured presenter at the West Sound Technology Association (WSTA) meeting on March 21, 2013 in Poulsbo, Washington. Morkert will be joined by Mike Hamilton, Chief Information Security Officer, City of Seattle, for Information Security in Today’s Business Environment. Together they will highlight real world threats to public and private sector companies and what you can do to protect your organization. WSTA meetings are open to the public. Cost is $10, members are free. For more information and registration, go to http://westsoundtechnology.org/events/upcoming-events/mar-21-security.

Doña Keating is President and CEO of Professional Options, a prominent innovator in the policy and management consulting industry which provides solutions for businesses, organisations and governmental agencies. She is also a principal in K2 Strategic Solutions, a partnership between Professional Options and Keating Consulting Service which has a combined 50 year history of providing information technology, policy, and management consulting. Keating’s latest book, “How to Avoid the Pitfalls of Nonprofit Hell”, offers pithy observations and solutions borne of decades of service on non profit boards and committees, advising them, or facilitating executive retreats.

 