Most Cyber Attacks Can be Prevented with Monitoring

Did you know that nearly half of companies these days are reducing or deferring budgets for IT security, despite growing instances of web incursions into databases and other private information? That’s according to a 2009 study by PriceWaterhouse Coopers.

I came across that number while reading a story about in Wired that reports on a Senate panel’s finding that 80% of cyber attacks can be prevented. According to the Richard Schaeffer, information assurance director for the National Security Administration (NSA), who testified before the Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security, If network administrators simply instituted proper configuration policies and conducted good network monitoring most attacks would be prevented.

Larry Clinton, president of the Internet Security Alliance, a group that represents banks, telecoms, defense and technology companies and other industries that rely on the internet, told the panel that much of the fault is with companies and governments who collect and store data. He said that “they do not understand themselves to be responsible for the defense of the data. “The marketing department has data, the finance department has data, etc, but they think the security of the data is the responsibility of the IT guys at the end of the hall.”

Others, like Philip Reitinger, director of the National Cyber Security Center at the Department of Homeland Security, a former Microsoft executive, said that end-users need to be made aware of the simple things they can do to protect themselves — such as keeping software and anti-virus up to date.

I’m in total agreement here.

Companies who do business on the web but want to improve their security have a simple solution at hand: invest in monitoring of data and transactions. The service they choose should provide frequent monitoring of websites, email servers, firewalls, VoIP, databases, domain name servers, routers, web servers, and it should offer several different ways of reporting on incursion attempts, for example, via SMS or Twitter. To stay on guard round-the-clock, the vendor should be able to do it from the cloud – from anywhere in the world.

For more information on the state of cyber security, read the full article here.