Internet Security Services from Keep IT Secure.

INTERNET SECURITY

Why The Risks Exist

98% of UK businesses have IT systems and 98% of those are connected to the internet. Not surprising as the internet has been transformational in the way it has enabled easier worldwide communication and provided the platform for an explosion in online trading. Unfortunately it was never designed with the intention or expectation that it would be adopted and leveraged to such massive proportions consequently there are gaping gaps in how it was designed and developed.

The biggest problem is that governance and security have been left in the wake of this explosive growth with the consequence that the entire system is littered with security weaknesses. Criminals have not been slow to exploit these vulnerabilities and hacking has become big business.

Genuine concerns exist that unless the security risks now so inherent on the World Wide Web can be closed down or at least significantly reduced then this could ultimately bring about its downfall. There is no doubt that the internet is a dangerous place and it is vital that businesses do all they can to protect themselves against the threats posed. No business should consider itself immune – statistically it is almost inevitable that all businesses will experience an attack(s) at some stage and the objective must be to minimise the likelihood and contain the impact as much as possible.

The threats are wide and varied. They emanate from human intervention and/or the use of automated routines and software. Most worrying of all is the stealth way in which attacks are perpetrated meaning that in the majority of cases the victims are not aware they are being attacked until it is too late. Attacks often last for days, weeks or months during which time the victim organisation remains completely unaware of the damage being inflicted.

The internet is a truly 7 x 24 x 365 entity meaning attacks can be (and are) launched at any time from anywhere in the world. Crime syndicates have embraced this with massive success and unfortunately the nature of these attacks is such that the likelihood of the perpetrators getting caught is very low. Law enforcement agencies worldwide are woefully under-resourced when it comes to cyber crime prevention and detection and any resources they do have are already overworked focusing on such as paedophilia and other abusive uses of the internet. The result unfortunately is that businesses that do suffer an IT attack are largely left to sort themselves out – another good reason for adopting a “prevention is better than cure” policy.

Any computer system which uses the internet or connects with other systems including email is vulnerable to attack unless properly protected. Simply having firewall or virus detection software is unlikely to be sufficient and it is important to not be complacent. Unless you can be confident your systems are adequately protected it is best to assume they aren’t. Even where for example a firewall exists, unless this has been configured specifically for the situation it is intended to protect and unless it is kept properly up to date and regularly checked then in all probability it is not very effective. Arguably the most worrying scenario of all is the one where it is believed that adequate protection exists yet in reality it doesn’t.

The Risks

  • Individual PC’s or networks can be subjected to unauthorised access.
  • Attacks can be carried out either by hackers directly and/or through the insertion of spyware or other malicious software onto the target system.
  • Websites can be dangerous places (see relevant section of this website).
  • Private and confidential information may be stolen or corrupted.
  • Identity theft.
  • Credit card or bank details may be obtained or compromised.
  • Customer details or other business critical information may be obtained illegally.
  • Business or service disruption caused by malicious attack.

What can be done to alleviate the risks?

If the organisation has not previously been aware of these threats or if insufficient attention has been paid to security in the past then a good starting point is a discussion with an independent IT security consultant. Meritec will be happy to accommodate this for you on a no obligation basis and the first meeting with each client is free of charge. This enables us to assist clients in assessing if they would appreciate any further assistance and if so how, when, etc.

If the organisation has previously put defences in place it is still of value to arrange a no obligation meeting to assess the appropriateness of possibly having these independently verified. It could be that new threats or changes to software or infrastructure have introduced the need for alterations or new protection in certain areas.

The objective must be to put suitable deterrents in place such that any attempted attack can be trapped before causing damage or disruption. Automated attacks will typically be intercepted through the defences put in place (assuming they are suitable) or alternatively a human attacker will more than likely choose to move onto a softer target where they encounter a system with decent defences.

Whatever the circumstances the value of an independent assessment cannot be overstated – if it serves to confirm that existing security is adequate then at least that is underpinned by the fact that an accredited source has verified it. Alternatively if any weaknesses are identified then it is better to learn that from an authorised source working with your knowledge. It also informs what counter measures might be appropriate.

Because Meritec maintains an independent stance we can recommend solutions that best meet individual client needs and that are not restricted to offerings from any specific supplier – this enables the most suitable and cost effective solution to be built from best of breed components.


Back