Something besides the growth of the Internet is driving the rise in security attacks. Here are some realities:
Operating systems and applications will never be secure. New vulnerabilities will be introduced into your environment every day. And even if you ever do get one operating system secure, there will be new operating systems with new vulnerabilities – phones, wireless devices, and network appliances.
Old computer security jargon used to speak of “trusted” networks and “untrusted” networks. At best, your internal networks today are “semi-trusted.” For instance, a company with over 50,000 nodes may have thousands of users who are connecting from home offices through cable modems. That makes each of these employees’ entire neighborhoods part of the corporate network. As employees connect to your network from homes, other offices, or hotels outside of the physical enterprise, new vulnerabilities are opened up.
Network security and location security. If attackers don’t get in quickly and easily through your firewall, modems or Web server, they can always walk in through the front door, smile at the receptionist, tailgate into a passcard-protected area behind one of your employees, proceed to an empty cubicle, and sit down at someone’s unprotected computer.
Employees will never keep up with security policies and awareness. It doesn’t matter how much you train and educate your employees. If your employees disregard warnings about the hazards of opening questionable email attachments, how are you going to educate them about properly configuring firewalls and intrusion detection systems for their home office PCs?
Managers have more responsibility than ever. On top of facing the realities listed above, security managers are being asked to support increasing degrees of network availability and access.