Security monitoring: Having vision for the future

Security attacks such as website hacking, security breaches and malware threats are all becoming increasingly common and sophisticated in design. The latest high-profile security breach against Google once again reveals the importance of putting in place adequate controls to monitor networks, data and potential vulnerabilities. As more companies become reliant on internet services, the role of IT security will become even more paramount in protecting companies so that they can operate at optimum efficiency and effectiveness at all times.

Studies by the Ponemon Institute reveal that a security breach costs a company an average of £64 per file and it is approximated that in total security breaches can cost companies anything from between £10,000 to £120,000 a time. In addition to this, as of April this year the Information Commissioner’s Office will be able to issue fines of up to £500,000 for data security breaches it deems serious. Each case will be assessed on whether the breach was accidental or deliberate and how much distress the leak of information caused. As an ever-growing amount of personal data is stored and processed digitally, the introduction of this penalty will place a greater emphasis on how businesses protect their data and the security methods they deploy. As such, proactively investing in security monitoring can help businesses avoid the potential cost, loss of resource and productivity that security violations can have on a company.

At the moment it is estimated the average UK business receives around twenty viruses a year while larger businesses can receive an average of one per week. On top of this, the Informational Security Breaches Survey found that UK businesses have roughly one security breach per month. Yet despite this, most companies tend to only deal with security monitoring after they have already become victims of an attack.

As attacks on organizations are becoming more frequent it is imperative organizations recognize the importance of protecting themselves before they too are victims. The best method for spotting unauthorized activity and combating issues as they arise is to monitor networks continuously. Currently, many businesses have security policies which involve using more traditional methods, for example, firewalls and anti-virus equipment. Yet by having a more responsive and successful security monitoring procedure in place organizations can avoid threats such as web site defacements, corruption or loss of data, system misuse, viruses and trojans.

If a company is able to increase its visibility of malicious attacks and activity, it is possible to provide an early notification of any threats to a system. For IT managers and CIOs, having full visibility across all networks (which includes employees, processes and technology) ensures they can monitor and interpret important system events occurring within a network. As such, a comprehensive view of the network helps give early warning of malicious infection or attack by identifying any unauthorized activity.

To mitigate the security risk companies’ face, IT managers need to be able to manage, monitor and report data patterns within the system in real-time terms. This is a continuous cycle which involves collecting, aggregating and correlating network data to highlight any anomalies which indicate there has been a security incident. Once suspicious patterns have been identified, human intelligence can be applied to implement the appropriate measures and prevent the same, or a similar, security lapse from reoccurring. This data should be retained using industry-standard compression algorithms, which not only minimizes the storage space needed, but protects the information the data provides. Therefore, data retention is essential in demonstrating the effectiveness of security controls and proving compliance with policies and regulations.

Companies are increasingly being required to protect the information they acquire and ensure that it is not subject to misuse. Compliance and privacy regulations such as PCI DSS, Sarbanes-Oxley and Basel II are mandatory requirements for many businesses so protecting systems properly helps companies avoid dangers which range from theft of intellectual property to fraud, a loss of productivity and cost. Effective security monitoring also means companies avoid the indirect losses that can be incurred as a result of a hacking incident. Indirect losses can vary but consist of factors such as negative brand impact, a loss of shareholder confidence, failure in the ability to meet contracts and a loss of potential customers.

Security monitoring acts as a way to monitor risk but can also combine with auditing to streamline the reporting process. It can therefore be a useful business tool and help companies to maintain system efficiency and achieve maximum output. Effective security management not only helps companies avoid the cost and other implications of security breaches, but it enables an organization to limit the spread and damage of potential attacks.

As a rising number of businesses begin to operate online, and grow their online offerings, the online and offline world of companies are going to become increasingly intertwined through remote working, cloud computing, virtualization and social networking. As a result, the threat that security attacks pose will also increase and become much more complex, challenging and costly to defeat. For companies to protect themselves from new and emerging threats they will need vision. They will need the vision to act on what is facing them at any given time and the vision to plan for the future. In light of the challenges of effectively protecting IT systems, without hampering productivity, CIOs and IT managers are increasingly looking to call upon external experts to ensure that business-critical services are both safeguarded and optimized. External firms have the specialist skill, resource and capacity to monitor systems and give businesses a holistic view of their IT systems, which enables them to receive superior insight into potential security vulnerabilities and the opportunity for much greater service improvement than if they were trying to run such a system themselves.