Stop for a moment and take a look around you - IT isn't just the computer on your desk, the laptop in your bag or the mobile in your pocket. The truth is it's controlling who is and isn't entering your building, virtually and physically, and how and where your customers are being dealt with; it's driving your production line and it even has a part to play in how your coffee is produced. IT is no longer confined to a small back office, possibly in the basement, staffed with geeks all speaking their own language. IT keeps you open for business, but if you're not careful it can close you down for good.
For every company there is a requirement to exercise due diligence and care of the company's assets and the future ability to produce returns for investors from revenues. This is increasingly embedded in legislation, regulation, standards and best practice guidelines. I'm not going to provide a definitive list - it is neither necessary for this article, nor realistically possible due to the frequency with which it changes or is amended, further complicated by differences in terminology between sectors and countries. Suffice to say that, in order to exercise due diligence and care, you need to plan for the day you can't - in other words, a business continuity plan.
I challenge you - get a copy of your plan (if you have one), dust it off and actually read it. In the majority of cases it will cover eventualities such as damage caused by fire, theft or even flooding. If you're based in one of the cities it may even include a section on external threats, i.e. terrorist attacks and other disaster eventualities. You've probably got a plan for overcoming a power failure, where to resource external staff if yours are ill and, if you're in production, crisis management if your product fails.
What does it say about suffering a cyber attack? Chances are it doesn't.
In this day and age most companies, irrespective of whether a single office or a large international conglomerate, are reliant on computer systems to function. If you were attacked tomorrow, the reality is it will shut you down. How long it takes to get back up and running, if at all, is down to you. Sit up, take note and plan for the inevitable.
You're Under Attack
An attacker isn't just interested in stealing your information or funds. Organisations are experiencing attacks, whether denial of service or injected malware, that are designed to wreak havoc and ideally shut the business down. Recent high profile victims include Wikileaks, Facebook and Twitter. However, it's often not just the victim that suffers, as PayPal, VISA and Mastercard can attest, having fallen victim by association. Any company can be a target, as it's not just anonymous cyber terrorists waiting to pounce; a disgruntled employee could wreak just as much havoc on your system if the notion takes them. And what if your IT system just fails? Even the BBC has to hold its hand up to that one!
The effect of being closed for business, however temporarily, will cost the organisation money. For an online retailer it's a little more obvious as, if customers aren't able to make purchases, there's the immediate loss of revenue. However, for a large manufacturing company, if its IT infrastructure fails and production has to shut down for 24 hours, the costs will soon mount, potentially into the millions. The expense isn't limited to the immediate problem of restoring services or production - there's the lost time, ruined stock, ongoing costs of rebuilding confidence in the customer base and potentially amongst shareholders, plus the knock-on effects such as an increase in insurance premiums. The costs quickly mount.
The AT&T Business Continuity Study 2010 reported that (1):
* Three-quarters (77%) of organisations indicate that employee use of mobile devices plays a major/minor role in the business continuity plan
* Half (50%) have virtualized their computing infrastructure, with less than four out of ten (38%) having implemented a business continuity plan for the virtualized infrastructure
* 84% of all companies surveyed have e-mail or text messaging capabilities to reach employees outside of work, and three-fourths (73%) have systems in place that enable most employees to work from home or remote locations
On the surface, all of these resources offer a lifeline to an organisation in the event of a general infrastructure failure, and you've probably rubber-stamped the budget on some of these initiatives yourself. However, on a day-to-day basis they also 'throw open the doors' to the outside world, risking extreme disruption through attack.
First Line of Defence
An organisation's IT team has many responsibilities with one main, overriding objective - to deliver the best service possible. However, this does not always promote the best security possible. Why? Well, budgets are usually the biggest issue. CEOs MUST understand the need for enhanced security and ensure their IT team deliver it.
When the corporation has spent millions on network defences, it is close to incompetence not to make sure those investments are working to optimum effectiveness. Regular audit and validation leads to enhanced security, costs very little and is a must-have process.
With constant vulnerability testing and security enhancement through configuration, better rules can be defined and implemented. This activity can even avoid additional capital expenditure in unnecessary security devices, saving budgets.
Making sure your defences are working to the optimum is not just the responsibility of your CIO, CSO or whatever you call your IT management head. It goes all the way to the top. The function of the CEO and board of directors, as part of their legal responsibility and charge by shareholders, is to exercise good corporate governance.
You wouldn't build your office on the sand, so why allow your IT infrastructure to have insecure foundations? Ignoring your network defences is tantamount to corporate suicide.
www.idappcom.com
(1) A full summary of the AT&T Business Continuity Study can be found at http://www.att.com/gen/press-room?pid=17839
RELATED ARTICLE: Spring 2011 Global Internet Phenomena Report Reveals New Internet Trends
Sandvine, provider of intelligent broadband network solutions, recently announced the release of their Global Internet Phenomena Report: Spring 2011, including Internet trends from North America, Latin America and Europe, with specific spotlights on events such as Netflix adoption and March Madness® On Demand. Overall insights since the last report in the fall of 2010 reveal a growing appetite for on-demand applications that will continue to drive data consumption and network quality requirements.
Major findings from the report include:
* In North America, Netflix is now 29.7% of peak downstream traffic and has become the largest source of Internet traffic overall. Currently, Real-Time Entertainment applications consume 49.2% of peak aggregate traffic, up from 29.5% in 2009 - a 60% increase. Sandvine forecasts that the Real-Time Entertainment category will represent 55-60% of peak aggregate traffic by the end of 2011.
* In Latin America, Social Networking (overwhelmingly Facebook) is a bigger source of traffic than YouTube, representing almost 14% of network traffic [see figure 4]. Real-Time Entertainment represents 27.5% of peak aggregate traffic, still the largest contributor of traffic in that region.
* In Europe, Real-Time Entertainment continues a steady climb, rising to 33.2% of peak aggregate traffic, up from 31.9% last fall [see figure 6]. BitTorrent, a peer-to-peer (P2P) file sharing protocol, is the largest single component of both upstream (59.7%) and downstream (21.6%) Internet traffic during peak periods. In the UK, BBC's iPlayer is 6.6% of peak downstream traffic, reflecting the demand for localized content in many markets. Overall, individual subscribers in Europe consume twice the amount of data as North Americans.
Sandvine's reports and spotlights are made available through Sandvine's suite of Business Intelligence products, including Network Analytics and Network Demographics. The reports are an ongoing series of Internet phenomena and traffic analysis studies that have been published since 2002.
Author: Ray Bryant