The latest figures revealed by Microsoft at their recent security seminars state that 80 percent of security compromises are attributable to internal causes. Whether the security threats are malicious or due to employee error or misconfiguration, the results are the same: loss of revenue and productivity, and potential liability for the company. Internal threats can include hoax attacks, dissatisfied employees, disgruntled ex-employees, and contractors. Companies often address the Internet Gateway issues, most organisations will boast a firewall for instance, but will not have addressed internal issues. It’s the equivalent of going on holiday, locking the front door but leaving the windows open.

Many companies are vulnerable despite investing large amounts in firewall and AntiVirus solutions as they only react or implement a strategy in response to a security incident. The solution is to look beyond the firewall panacea and invoke a full security strategy that utilises available technology, policies, procedures, and practices.

Only after having established the risk element can a security strategy be implemented. Whilst no two companies are the same and will have different interpretations, a good security strategy should address the level of risk faced. It should:

Identify and determine the value of network assets.
Determine the cost associated with its loss.
Identify known and potential risk elements (threats).
Assess vulnerability to identified threats.
Prioritise assets by level of risk/vulnerability.

It is possible for companies to address all of the threats it faces by integrating the technologies available to provide an effective security barrier. Burnbank offer a range solutions to enable clients to establish a secure security policy. For instance each of these technologies complements the others and helps to create a more effective security program:

Firewalls and AntiVirus software provides gateway protection, but are ineffective against internal threats.
Content security (E-mail and Web filtering) closes the door against risk due to employee behaviour and abuse of IT resources
Intrusion detection and file monitoring solutions detect changes made to the system by malicious individuals.
Filtering technology enables management to enforce security policies and privacy policies while managing staff productivity and minimizing wasted network bandwidth.