IT security awareness
IT security is a very hot topic nowadays. Almost every week you can see in the media that a major security breach or loss of data has happened at quite big and well-known companies or even state-owned enterprises. This situation helps general awareness of the threats that are waiting in almost every part of the network, but mainly on the internet.
When people understand that there is some risk, they start to ask what it means for them, for their company assets, data, etc. The next question is how complicated and expensive it would be to protect against this danger. These and many other topics will be discussed in this series of the Security blog.
The main concern that keeps companies from investing much money in IT security (or network security), or in IT generally, is that it’s not easy to see a direct output from that investment. If you compare it to, for example, a new production machine, you can see that you have produced more goods than before, so it’s easy to see the difference. With implementing security in a company it’s much more complicated. If all is working properly and your company is protected, you do not see any output, as there are no reports about stolen data, viruses on end-user computers, etc. Even worse, if your network has been compromised you do not even know about it, as there are no mechanisms to detect malware on the network. Just one day you can find your newly developed product on the market under different. The next bad aspect of security is that it brings a less comfortable “interface” to users. There have to be some restrictions in place, so users can’t watch their favorite streaming videos, use chat programs or access social networks.
So why implement it if there is no clear income? The answer to this question is simply the statement that it’s not a question of whether someone will hack your network, but just when this will happen… The basic step in making a proper decision is to count how much money can be lost if some important data is stolen or an important web server is not available for a day or more; this should be compared with the amount of money needed to implement protections, at least for the most critical systems. Implementing IT security is a never-ending story: there always has to be some plan of improvement, as hackers are still developing new methods of attack. No network can be said to be 100% secure; this is just an illusion. The right approach is to keep your network secure to a level at which the hackers’ investment (time and resources, compute power, etc.) will be higher than the possible income from a successful attack on your network. This can be graphically displayed on the following picture:
The goal for all of us is to keep systems above the line, so you will most probably be skipped by hackers, as there can be many others who are easier to hack than you…
Hopefully you did not get scared by this introduction and will In the next post we will get into the technical side of how to start protecting IT infrastructure.