Making security work for you

In November 2006, 62 new web-based viruses and malicious software packages were identified.

Even more alarming, the growth is fuelled by organised crime and shadowy commercial ventures operating on the edge of what is seen as legitimate.

Today’s malware is more likely to have criminal, rather than disruptive, missions. And the longer it goes undetected, the more information may be extracted and the greater a company’s financial loss.

Yet malicious attacks are only one part of a highly volatile threat spectrum that has increased the cost of security to business and government by 50 per cent.

So what should businesses do. Security evangelist Ivan Ristic has a few simple guidelines for firms to follow.

‘Security has, in the past, been seen as a black art,’ he says. ‘It has been too technical and these are new types of threats that we have not really had a lot of experience in learning how to handle.’

Security does not have to be a difficult topic, but it does need to be viewed as a process, says Ristic.

‘Security has to become part of the way that we react with our environment, and how we respond to events,’ he says. ‘And to implement any process, everybody needs to be educated – starting with the engagement of the board and then cascading through the organisation. That way it becomes a 50-50 split between the business and technology.’

Ristic says people are the weakest point in any security system, and continuous effort needs to be applied to make people aware of security issues and their personal responsibilities. Too often, people simply focus on their job rather than the bigger picture. Security should be about process, possession and ownership, rather than technology, threats and risk.