Being proactive is better than reactive

Remember the adage "a stitch in time saves nine"? This is probably intuitive, but our recent study of security in midsize businesses titled, "The Security Paradox", helped us document a clear relationship between the amount of time invested in "proactive security management" and the amount of time it took to response and "recover when an incident occurred".

Midsize organisations are cutting their security budgets at the same time as cyberthreats are escalating, according to McAfee's Security Paradox report, which was written in conjunction with MSI International. The study found that more than half of midsize companies globally have seen more security incidents in the past year, and a single midsized company lost on average $43,000 (Dh157,941) to security incidents. This paradox occurs in part because midsize companies are under the mistaken impression that hackers prefer to target larger companies.

Almost half of midsize organisations (43 per cent) think larger organisations (those with 501-plus employees) are most at risk of a security attack. In truth, organisations with less than 500 employees actually suffer from more attacks on average.

In numbers, the study found that 65 per cent of midsize organisations worldwide spend less than four hours a week on proactively managing IT security, but nearly the same amount (67 per cent) spend more than a day recovering from IT security attacks. Threat and response varied greatly from country to country, but uniformly the countries where companies invested the least time in prevention suffered the greatest financial losses and required a week or longer to recover from their most recent cyberattack.

Threats in disguise

Stressed employees, in fear of being laid off, spend more time than ever on networking sites like LinkedIn to stay in touch with business contacts and keep on top of employment opportunities. Marketing teams who still have to get leads but have no budgets use Facebook, and sales representatives who can't travel have to use video conferencing to stay in touch with customers.

Once there, cybercrooks can lure them to malicious sites that steal identities, capture credit card information, or infect their company laptops with malware.

Spam volumes grow by more than 117 billion e-mails every day, currently comprising some 92 per cent of all e-mail. And while everyone knows the dangers of fraudulent e-mail, phishing is still a highly profitable business: the average loss per victim is $866.

The one change, year over year, is that breaches are more quickly discovered. We see more organisations investing in vulnerability management software to combat these threats. To achieve the highest possible protection levels and the lowest possible risk and cost, organisations must consider an approach that incorporates these elements:

- Integrated defence across systems and networks to deliver layered protection

- Real-time threat intelligence and reputational analysis, backed by a dedicated team of security researchers

- An open security management platform that provides a singular management console and integration with multi-vendor environments

A cost-cutting environment provides an opportunity for companies to make their IT security solutions more streamlined and effective. The result of this approach is fewer security breaches, less downtime and revenue loss, and less risk in one of the toughest economies in decades. But how exactly does a company achieve this goal?

Combining consolidated protection with centralised management is security best practice, according to leading analysts and can be acheived through:

- Integration: Consolidate to security vendors who offer integrated suites rather than siloed products

- Centralised management: Gain greater visibility and increased control via a single management console

- Lower costs: Integrated solutions are more economical, resulting in savings in licence and support costs and efficient administration and management

This approach should extend to all five threat vectors – e-mail, web, networks, systems and data – and should incorporate auto-updating to ensure that the protection is current. The solution companies choose must cover every security element: system protection beyond anti-virus, web and e-mail security, network defence with firewalls, host intrusion prevention, network access control and data protection on every device.

With an integrated set of centrally managed security offerings, an IT administrator working for a midsize company can still dedicate the same number of hours per week, while gaining a more proactive security coverage.

We think that's the way security needs to be – comprehensive but easy to maintain. That way, midsize firms can focus on their core business.


- The writer is Senior Vice-President Global Mid-Market Segment at IT security company McAfee. The views expressed are his own