Print
Discuss
Send to friend
RSS feeds
Daily news podcastThe annual Infosecurity Europe trade show kicks off in London's Olympia on Monday, promising keynote speeches from industry experts, academics and leading technology practitioners and a focus on security awareness and data breach prevention.
One of the major events of the show is set to be the full launch of the biannual Information Security Breaches survey, conducted by PricewaterhouseCoopers. Pre-launch findings released last week highlighted the changing nature of the threat landscape, with increasing numbers of more sophisticated, low-profile attacks designed to steal sensitive information.
The study, carried out on behalf of the Department for Business, Enterprise & Regulatory Reform (Berr), found reported malware infections down by 60 per cent compared with two years ago, but according to PWC partner Chris Potter, firms should remain cautious.
"The reality is that companies are bombarded by thousands of different attacks every day and they're much more stealthy in nature," he added. "The end goal is different too – infection is now the means towards extracting confidential data or opening up security defences."
Although firms have largely implemented anti-virus controls now, patching strategies have actually deteriorated over the last two years, with many firms too slow in installing critical updates, said Potter. This could be due to the sheer volume of machines and applications that IT managers have to deal with today, and the risk of newly-applied patches causing systems to fail, he added.
The problems associated with patch management were highlighted last week when Oracle released a massive 41 security fixes in its second Critical Patch Update of the year, including one for a serious vulnerability in the Oracle Application Server.
One approach firms could take to ensure patching does not affect uptime across the board is by installing patches first onto a small number of machines in order to test their effectiveness, Potter suggested.
He also argued that security awareness-raising among staff is an essential element of a successful security risk management strategy. "Companies have good anti-virus security on the main path into their networks," he added. "But there is still the possibility for staff to accidentally bypass this by downloading a file someone sent them or visiting a web site they shouldn't, or by bringing in a USB stick with something on it."
Security awareness-raising will be a major theme at Infosecurity Europe, with the recently launched Information Security Awareness Forum backing a public awareness raising campaign to coincide with the show.
Ed Macnair, chief executive of web and email security vendor Marshal agreed that the education of end users is a key part of security. "Technology plays an important part but it's not the only solution," he added. "Every single part of an organisation needs to be educated but it's not enough to do it just one time – it needs to be an ongoing process."
As always, the three day event will also provide a platform for vendors to launch new products in the security space. Network security firm PineApp will be unveiling a new email security solution aimed at large enterprises and ISPs with advanced content filtering capabilities, while Check Point Software is launching five new appliances in two model ranges.
The firm's new Power-1 appliances combine 14Gbps firewall, IPSec, virtual private network (VPN) and intrusion prevention to stop application layer threats at a speed of 6.1 Gbps, according to Check Point's head of northern Europe, Nick Lowe.
Check Point will also expand its existing unified threat management line with three new UTM-1 Total Security appliances targeted at enterprises of varying si zes and featuring network-layer firewall, site-to-site and remote access VPN, gateway antivirus and anti-spyware, intrusion prevention, web filtering and messaging security capabilities
See also:
Websense survey finds IT is not to blame 08 Apr 2008
Security based on people and process - not technology 03 Apr 2008
The Information Commissioner's Office has some strong advice for firms making data breaches 01 Apr 2008
Users given greater IT freedoms, but not security training 28 Mar 2008
CompTia research finds big gap between perception and reality 14 Mar 2008
Security breaches have far reaching implications for businesses finds report 27 Feb 2008
Science and Technology Committee disappointed with government response to its 2007 report 21 Feb 2008
New organisation aims to reduce human failings and improve organisations' security 12 Feb 2008All Enterprise Security Technology
del.icio.us
Digg this
reddit!
