According to the information security survey we did for this issue, in which
more than 80 CIOs participated, organizations are spending most of their time in
combating virus attacks. And this is happening despite the fact that everybody
already has anti-virus software in place. Any guesses on what's the second most
time consuming task? It's protection against data theft. If you think that's
scary, then here's something scarier. The top security incident that our
respondents suffered from over the past few years was laptop thefts, and the
second highest was theft of confidential information. Such is the state of
affairs with information security these days.
Nobody's safe anymore, organizations and individuals alike. So if you think
your presence on the Internet is so insignificant that nobody would attack you,
then you're mistaken. Today, there are so many malware programs lurking on the
Internet that your machine will be turned into a zombie in a split second, if
you don't have the necessary security software installed, and it's not updated
properly. Don't believe it? Then just turn on the alerts in your system's
personal firewall and connect it to the Internet. You'll be surprised to see the
number of times your machine gets scanned by malware trying to break-in. And
these attacks are not to infect your machine with a funny virus that displays
messages or causes a nuisance. These are happening to steal your critical data
like credit card information, bank account details, and other personal
information.
Anil Chopra, |
So it's quite clear that security threats are increasingly changing from
being a nuisance to becoming extremely dangerous. Moreover, the new wave of
security threats try to avoid getting noticed. They are more subtle, and
inclined towards quietly stealing important information to avoid detection. Just
like a disgruntled employee trying to quietly walk away with your company's
confidential information on a USB flash drive or sending it out over a chat
session using a public IM which you've provided open access to.
Since the security threats have changed so much, you can't afford to keep
following the same old security solutions and policies to combat them. Our
survey showed that everybody had anti-viruses, anti-spam, and firewalls running.
And yet, many had suffered from serious information security incidents. What's
required therefore is re-assessment of security threats in your organization,
followed by an appropriate action plan. This should include a combination of the
right security solutions and policies. Our cover story this time covers this in
more detail.
After all, information security is everyone's responsibility, organizations
and individuals alike.