Top 9 Network Security Threats in 2009

Perimeter e-Security's Kevin Prince offers his predictions on the new year's threat landscape

1 2 Page 2
Page 2 of 2

Most providers have begun to see slowing sales and weaker profits. At the same time, regulators are requiring many providers to achieve and maintain strong compliance. While there is an increase in expenses, there is a decrease in revenues. I believe this will lead many providers to go out of business or cut corners that could lead to a compromise. At this time, it is imperative for organizations to streamline their 3rd party providers. Ensure you are using providers that have been in business for a long time and have seen hard times before. Use providers that have been regulatory focused for years rather than ones that are just trying now. Ask for audited financials and ensure that your provider is profitable.

Choose a provider that can offer you multiple solutions to gain the benefits of economies of scale. I am a big proponent of outsourcing, but it must be to the right organization.

#9. Downloaded Software Including Open Source & P2P Files - Steady Threat

IT administrators may be tempted to take on more themselves. They may download and install open source software or freeware in an attempt to save money. I have found that these tools in the hands of an inexperienced user may lead to a huge waste of time or a data breach. Almost all security software available commercially has a freeware or open source counterpart somewhere. The installation, configuration, fine tuning and other aspects of a software lifecycle sometimes are more than any individual can handle, especially if they dont have the time and training to do it.

Lastly, users that are allowed to download and install software on their desktops are a huge risk to their company. For example, we have seen unsuspecting users install modified versions of P2P software. Rather than just giving the user the ability to download music and movies (which is a bandwidth problem by itself), these programs can be modified to scan the local system and network systems to catalog sensitive information such as spreadsheets and databases and make them publically available for download anywhere in the world. Your firewall and most other security devices cannot detect or stop this activity.

All software downloaded and used should be done by a trained IT professional. I believe we will continue to see many data breaches as a result of downloaded software in 2009.

Conclusion

This doesn't have to be all doom and gloom. By realizing these threats, we can work to ensure our exposure is limited. Additionally, it gives us the opportunity to look at alternative solutions. A company that has traditionally kept their security management and monitoring in-house may use this as an opportunity to look at the cost benefits of outsourcing this to a leading security firm. Some of the technology you have been using to reduce your risk may be outdated and you can replace it with newer systems that can protect your organization better for the same or less money. Challenges such as this give us the opportunity to rethink the way we have done things in the past and find newer, optimized ways of securing our organizations. With data security, it isn't about having more as much as it is about having the right stuff. ##

Kevin Prince is Chief Architect for Perimeter eSecurity, a security-in-the-cloud provider that offers over 50 different services on a subscription basis in the areas of: Vulnerability Defense, Intrusion Defense, Network Defense, Email Defense, System Defense, User Defense, employee training, and email archiving.

Copyright © 2008 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
21 best free security tools to make your job easier