IT Security Neglect Without Management Support

Kaspersky Lab UK : 17 October, 2011  (Technical Article)
Survey from Kaspersky Lab reveals high proportion of companies believe more senior management support is required for IT security not to fall into neglect
Corporate IT security is only effective if upper management is on board. Research shows that the level of interest expressed by those members of top management whose remit does not include IT leaves something to be desired. 63 per cent of companies would like to see their executives expressing more interest in IT security.

“The key to engaging senior executives who don’t have direct responsibility for security is for IT managers to be able to demonstrate the benefit of investing in security,” said David Emm, senior security researcher at Kaspersky Lab. “This emphasises the need to measure security across the enterprise, which means being able to highlight security incidents that have occurred in the past, their potential impact and the steps needed to mitigate the threat. This is the only way (a) to demonstrate the return on investment of current security investments and (b) to provide a compelling case for IT security spending to plug any gaps that may exist in corporate defences.”

Not all companies are aware of the importance of IT security. According to Kaspersky Lab’s global survey, 30 per cent of companies have not yet fully implemented even basic malware protection. In practice this means that while companies often use virus scanners, either important modules (like anti-spyware) are missing, or not all computers are equipped with malware protection. Many companies, for example, protect their Windows desktops while neglecting the Macs in their graphic design departments and employee smartphones. Managers are being urged to demonstrate greater awareness of IT security and to set clear rules.

Please see below for further advice and comments from David Emm, senior security researcher at Kaspersky Lab, on implementing security policies:

In many companies, IT security is neglected. New devices, software and services are introduced, and protection is an afterthought. This is not the best way to implement an effective security policy. The correct procedure is to put a strategy in place and then apply the strategy to any changes made to the security infrastructure.

Say, for example, that a CEO suddenly develops a passion for tablet computers and wants to use them as additional corporate tools. In this case, the company’s security framework must be expanded to enable employees to work on these mobile devices in accordance with the corporation’s security policies. All proposed changes to company IT equipment should be explored beforehand and implemented only when this can be done securely. This, at any rate, is the theory. In practice, however, things look very different. As is so often the case, problems can arise because of tight budgets and staff shortages.

Companies of all sizes can fall victim to cybercriminals. After all, small companies use the same tools as large ones – Windows on desktops and servers, and Internet Explorer or Firefox as browsers. They may also use Office, or comparable software suites, plus other types of business software – such as software for storing customer data, for example. Realistic threats posed to companies include the theft of customer or financial data, the manipulation of money transfers, virus infections on workstations and servers, the interception of network traffic, and the storing of illegal content on company servers.

Security risks can, however, be minimised by using an appropriate strategy. IT security needs to be seen as not just an occasional consideration. Instead, it must be taken into account in every aspect of corporate operations.
   © 2012 ProSecurityZone.com