Does Everyone in Your Organization ‘Get’ the Security Agenda?
reprinted with permission from Symantec
Summary
End users often understand the need for security only in a general sense, without grasping the vital role they play in maintaining security. This article looks at the steps IT can take to convey the message that all employees must be proactive about adhering to security procedures.
If there’s one issue that keeps IT managers up at night it’s security. According to Symantec’s 2010 State of Enterprise Security Report, cyber security now outranks traditional crime, natural disasters, and terrorism as the top risk at large organizations.
Moreover, the report found that nearly all the organizations surveyed (94%) expect to implement changes to their cyber security efforts in 2010, with almost half (48%) predicting major changes.
That being the case, it may come as a surprise that a lack of security awareness is still a fact of life at many organizations. Research conducted by the IT Policy Compliance Group shows that the number one cause of audit failure within organizations is lack of employee awareness.
This article surveys the current state of enterprise security and then recommends steps IT can take to convey the message that all employees must be proactive about adhering to security procedures.
Why 2010 is different
The most common costs were:
In all, enterprises reported that the costs associated with cyber attacks were $2 million in 2009. For large enterprises, those costs were even greater – almost $2.8 million.
That’s bad enough, but the report goes on to find that enterprise security is also woefully understaffed. And this comes at a time when enterprises are rolling out initiatives that make providing security more difficult, such as cloud computing and server virtualization.
Why you need to get the word out to everybody
Employees need to be aware that even simple actions, such as surfing websites and clicking a URL or link within an email, can put their company at risk. It continues to be the case that employees who inadvertently violate data security policies represent a major factor in the occurrence of data breaches.
At the same time, organizations also need to understand that some employees actively go around security procedures that they feel interfere with their ability to get their job done. According to recent Symantec focus groups, some end users understand the need for security only in a general sense, without grasping (or caring about) their role in maintaining security. For these users, IT security is often seen as hampering innovative business initiatives and having a negative impact on worker productivity.
Stopping data breaches
Step 1: Protect the infrastructure. Today you need centralized visibility across your systems so that you can manage them efficiently and ultimately protect them against emerging threats. That boils down to securing all endpoints, protecting email, and defending critical internal servers, in addition to backing up and recovering data securely. Symantec Protection Suite creates a protected endpoint, messaging, and Web environment that is secure against today’s complex malware, data loss, and spam threats, and is quickly recoverable in the event of failure.
Step 2: Develop and enforce IT policies. By prioritizing risks and defining policies across the enterprise, organizations can more effectively enforce policies through built-in automation and workflow. Workflow and automation allow you not only to identify threats but to remediate incidents as they occur or to anticipate them before they even happen. Symantec Control Compliance Suite is the only holistic, fully automated solution to manage all aspects of IT risk and compliance at lower levels of cost and complexity. Control Compliance Suite offers out-of-the-box content on multiple industry regulations, automated assessment of technical and procedural controls, Web-based dashboard reporting, and integration with other Symantec security solutions.
Step 3: Protect information proactively. Yesterday’s security approaches were aimed at securing the network. Today, organizations are taking an information-centric approach to proactively protect their information. By focusing on the data itself, you are able to understand where information resides, who has access to it, how it’s being used, and, even further, how to proactively prevent its loss. With Symantec Data Loss Prevention, organizations gain visibility into policy violations to proactively secure data with automatic quarantine, relocation, and support for policy-based encryption. Symantec Data Loss Prevention enables active blocking at both the network and endpoint to prevent confidential data from leaving the organization inappropriately. Symantec helps ensure the highest level of risk reduction to automatically enforce compliance with data security policies and enable organizations to change employee behavior.
Step 4: Manage systems. Security needs to make your life easier through standardization, workflow, and automation – simple things that you can put in place to make security software do the heavy lifting, everything from patch management to regulatory audits. Altiris IT Management Suite from Symantec is the industry’s most comprehensive and integrated suite for reducing the cost and complexity of managing corporate IT assets, including desktops, laptops, and servers. IT Management Suite reduces operational costs, increases operational efficiency, and helps you make strategic decisions to secure and manage your IT environment.