Aug 20 2010

The Enemy Within

The majority of IT professionals acknowledge their companies could do more to protect against security threats.

Maria Sullivan
Vice President
of Business Sales

Did you know that October is National Cybersecurity Awareness Month?

Sponsored by the Department of Homeland Security (DHS), this public information campaign reminds us that our cyberinfrastructure is only as strong as its weakest link. It also emphasizes the difficult strategic challenge of securing cyberspace and the necessity for government organizations, businesses and even individuals to share the responsibility.

Are you doing your part to protect your digital livelihood from cyberattack? Is your business doing everything it can to protect its proprietary assets?

Uncle Sam’s Plan

The federal government takes the security of our information and networks seriously. Last fall, DHS opened the National Cybersecurity and Communications Integration Center, an around-the-clock “watch and warning” facility that works to “improve national efforts to address threats and incidents affecting the nation’s critical information technology and cyberinfrastructure.”

More recently, The Wall Street Journal reported that the National Security Agency is launching a program, dubbed “Perfect Citizen,” to detect cyberassaults on U.S. companies and government agencies running critical infrastructure (electrical grids and nuclear power plants, for instance). The program will attempt to combat emerging security threats.

What’s Your Plan?

Your business also needs a plan, a business plan in which security plays a paramount role. Why? Because security can make or break even the best of companies.

It might not be possible to anticipate and prevent every threat — none of us is omniscient, after all — but you can make a good-faith effort to protect your company’s valuable IT assets so they aren’t compromised, irrevocably damaged or lost.

The thing is, most organ­izations know they could be doing more to secure their infrastructure. That’s according to the findings of CDW’s recent IT Threat Prevention Straw Poll.

Most organizations know
they could be doing more
to secure their infrastucture.

The results are telling. For instance, 37 percent of respondents believe data loss from internal threats, negligence and accidents is the most dangerous security risk their companies face. Of the 200 IT security managers and decision-makers (from medium to large businesses) surveyed in March, nearly a quarter (24 percent) point to preventable threats — breaches, viruses and worms — as their biggest concern.

Also feared are malicious attacks or targeted intrusions (18 percent) and botnets (14 percent). Notably, the remaining 7 percent of respondents either did not specify what they most fear or simply said they “don’t know” what the next big cybersecurity threat will be.

Rather than succumb to fears, DHS suggests businesses flesh out proactive data and network protection strategies. Break down in fine detail how your IT assets support your business. Next, prioritize the bottom-line cost to the company if an asset becomes unavailable for any length of time. Then align spending on security accordingly, and establish a defense-in-depth approach, with your essential data at the core of this cocoon.

How do businesses get buy-in for their IT security budgets? Fear certainly plays a role. In our poll, 83 percent of respondents acknowledge that system breaches, security-related news stories or case studies from similar organizations would compel their business to dedicate more money to security and threat prevention. The rest say nothing could compel their business to do so.

It’s possible to ignore what happens to the business down the street, but no CEO wants to see his or her company fail. Unless you lay out in real-world figures the potential costs to your business should the unthinkable happen, sooner or later you risk becoming that business down the street.

Maria Sullivan is vice president of business sales at CDW.