Symantec has released its annual Internet Security Threat report and it contains some significant data which should cause any network administrator to review their network security protocols.
Some key items:
Eight breaches each resulted in over 10 million identities being affected. This is a 62 percent increase in high-level breaches over 2012.
Over 552 million identities were affected in 2013. Personal information and other private data was released into the cybersphere.
78 percent of the public websites scanned by Symantec included some vulnerabilities which had not been blocked. 16 percent were deemed high risk.
Spear phishing campaigns increased by 91 percent in 2013. The severity of these was deemed to be lower but the quantity has taken a major jump.
The industries most likely to be attacked were mining, governments, and manufacturing. The odds were 1:2.7, 1:3.1 & 1:3.2 respectively.
Users, especially social media users, continue to get scammed. Fake offers of free cell minutes and other scams on Facebook top the list. There are several examples outlined and one major issue is friending people you don't know and sharing passwords with others.
Only half of mobile users take basic security steps. Storing personal and sensitive work-related files online in the same folders or program is one common area cited for concern.
The single most important recommendation is to do something to put better security procedures in place. There is much that can be done to improve security of your I.T. environment but taking action is the first step.
For suggestions of what to address you can reference some useful material developed to guide administrators and others to take the needed steps to protect their systems.
Some of these documents are pretty technical in nature and may take an IT professional to decide which have the best potential to guide your decisions. On the other hand, IT security is not an amateur's field. The steps needed to build a secure I.T. network in this connected world are generally beyond the scope of all but the most knowledgeable non-IT professional.
Saving a few dollars on the design and installation of your network is not a good decision for any business. The level of sophistication of those who make it THEIR business to try to access or disrupt commercial networks continues to grow all the time. The best defence against their efforts is a professional security design and continued vigilance in maintaining all of the pieces of your protection systems.
Failing to take the steps needed to build a secure network and maintain it will mean that at some point you will inevitably experience some sort of disruption or loss. Effort and dollars spent on prevention are much better value than those needed to correct a problem once it has occurred.
Photo credit: By Jemy Scotlander (http://fingertipslive.weebly.com/) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC-BY-SA-3.0-2.5-2.0-1.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons