The modern cyber threat environment continues to grow in sophistication, requiring IT security teams to stay abreast of the latest trends and emerging technologies to counter data security vulnerabilities. According to a recent article in the Silicon Republic, a Ponemon Institute study found that 58 percent of 2,000 SMB respondents surveyed admitted that management does not attach proper weight to cybercrime. However, more people are beginning to recognize that greater consideration should be given to security, as the expenses stemming from security-related disruptions cost a combined average of $1.6 million in the last year.
The study also revealed that most senior-level executives are uncertain about the threats their organizations are facing. There are a few barriers preventing the adoption of strong security measures, with 44 percent not properly prioritizing security, 42 percent indicating not having the budget for this, and 33 percent citing a lack of appropriate expertise.
With a constantly evolving threat environment, there are a number of steps to take, such as utilizing the right iSeries management system, that can alleviate concerns relating to data security.
User privileges
In a recent Avecto study, it was revealed that 73 percent of IT security professionals have not prioritized uncontrolled privileged access, with a significant majority lagging behind when it comes to controlling administrator rights. In light of the recent National Security Agency fiasco in which famed whistleblower Edward Snowden took off with some of the U.S.’s top secrets, more firms are focusing on administrative access controls.
“Media attention around the NSA’s high-profile breach has created a significant turning point in how organizations think about security, with the IT function now increasingly aware of how attacks can stem from users and system admins with excess privileges,” said Mark Austin, CEO at Avecto. “But awareness alone is not enough for network protection. Closing the disparity between those who realize the risks and those who are actively mitigating them is essential if organizations are to effectively defend against cybercrime, especially in today’s advanced threat landscape.”
One potentially effective measure to implement is the principle of least privilege, where most employees are granted standard account access over administrative ones. This could prevent costly and damaging data leaks.
Education is key
While maintaining tighter control over access to data will aid security efforts, education plays an integral role in establishing defenses. The idea that the user is the weakest link was explored in a recent ComputerWeekly article, in which contributor Bob Tarzey noted that this needs to be addressed. Tarzey stressed that many see technology as a means of tempering issues stemming from a lack of IT security training among employees, pointing to single sign on (SSO) systems with robust authentication as a way to prevent mishaps. He asked, how do CIOs ensure that IT security training is working?
“One answer to the first question is enforced self-paced education where employees are required to undertake certain training modules on a regular basis and their scores are recorded,” Tarzey wrote. “An element of competition can be introduced; poor performers and tardy test-takers can be taken to task, whilst those who stay on track can be left in peace.”
