BY David Barker of 4D Hosting
It’s no secret that if you identify and correct a security threat at the earliest opportunity, it will cause the smallest impact to your business and the potential threat will be limited. Many companies will avoid vulnerability assessments/audits as they are time-consuming, continuous and tie-up resources. Even companies that have identified and resolved vulnerabilities within their business then fail to proactively assess for repeat occurrences of these weaknesses and can fall victim to the same threat multiple times.
We only need firewalls and intrusion detection: Putting anti-virus and a firewall in place is a great step towards protecting your business, but the implementation of these often leads IT managers to believe their business is safe from all vulnerabilities. Today’s complex environment has many more threats so developing a strict network and security policy, auditing it regularly and assessing for on-going threats will be critical in securing your IT systems.
We are not a target: You may think “it can’t happen to me”, but in recent years most cybercrime and vulnerabilities have not been specifically targeted. You may feel that only larger businesses should be concerned about this issue, but attacks due to a disgruntled employee, contractor or customer can leave even the smallest company under threat.
We don’t need assessments: Even if you have a remediation system you still need vulnerability assessments. These assessments will identify any weakness that may need correcting, including policy non-compliance and mis-configurations which a simple security patch system wouldn’t be able to address. An effective remediation system should be in place following any identified vulnerabilities in order to correct these and protect against future ‘holes’.
We are fine with a reactive approach: Most companies believe that their IT department can keep on top of the vulnerabilities and patches via a reactive update process. The reality is that if the IT guys don’t put a proactive system in place they could become lost in all the patches needed and not complete the actions thoroughly enough to protect the network.
We can’t afford more security: The cost of implementing proactive vulnerability analysis is questionable within a small enterprise. The management team may not understand the true costs of not putting a system in place and so will often downgrade the need, or put it on a low priority list of optional expenditure.
The reality is that if your system is brought down by a cyber-attack this will often mean mission critical systems won’t work and the business will be offline costing money, reputation and customers. Security assessments and security measures to protect your business should be at the heart of your business continuity plans.
We do not have the time: Businesses often believe that they do not have the time to stay ahead of attackers but with a powerful proactive process in security management you can secure your business and protect it against any future attack.
For a business to survive, security has to be one of your top priorities. A single attack could bring you down for a prolonged period of time, costing revenue and reputation, possibly even closing you down.
About the author
David Barker is technical director of 4D Hosting, having founded the company in 1999 when he was 14 and still at school. In 2007 he bought an industrial unit on the outskirts of London and set up 4D Data Centres as a colocation and connectivity supplier for small businesses in the South East of England.
In 2013, 4D Hosting re-launched with a focus on providing premium hosting packages and 24/7 support from its own engineers to technology companies, developers and geeks.
He can be contacted via Twitter on @David_4D.