The dramatic increase in the number of security attacks and the sophistication of the cyber criminals masterminding them mean there is a critical need for businesses to take a more radical approach to their information security.
2013 saw a surge in high-profile security attacks and data breaches – with the likes of Facebook, Twitter, Microsoft and Apple all suffering at the hands of cyber criminals.
Indeed, research commissioned by the Department for Business, Innovation and Skills last year found that 93 per cent of large businesses in the UK suffered a computer security breach in the previous 12 months, while 87 per cent of small businesses also suffered attacks.
This should be a massive cause for concern for any security professional, but the more worrying problem is that 70 per cent of these security breaches often go undetected for between two and 12 months. Furthermore, attackers typically sit in a network for three to four months before they extract data – by which time, they may know the systems better than even the company itself.
With this in mind, it is absolutely vital that companies rigorously test their systems and closely monitor their networks. A large percentage of data breaches can be avoided through improved education of employees, users and customers, yet less than one per cent of security budgets goes on education.
Using ethical hackers and network testing experts will help companies to discover existing flaws within their systems, while also detecting human-made errors.
This ethical hacking approach helps businesses gain invaluable insight into security holes that may exist in their defences today.
Penetration tests and network security testing can simulate threats from both internal and external sources to identify flaws exposed through internet gateways, servers and firewalls, and evaluate the security behaviour of interactive websites and web applications.
Many businesses may look at the names involved in high-profile attacks and the staggering stats surrounding the growing rate of cybercrime and think 'if those guys are getting hacked, then it's inevitable that we will too.' But the good news is that this doesn't have to be the case.
To get a head start in minimising the impact of cybercrime, it is imperative that businesses test their systems from the perspective of the hacker.
With the number of threats increasing by the day and hackers' methods growing more sophisticated, it is more critical than ever that organisations take a different approach to protecting their users, their systems and their data.
- Simon Godfrey is Sales Director, Security Practice at MTI, with over 15 years' experience in the EMEA security market helping organisations implement effective information security, risk and compliance programmes.