Information technology is expanding throughout all processes, from e-mail to transaction systems to databases full of data. With crackers and rogue insiders on the prowl, organizations need to be vigilant in protecting their systems. A breach of security is harmful for all parties involved - the organization and those who conduct business with it.
The world is in the information age, where all data is steadily being migrated to electronic formats. Keeping information on databases and networks is convenient and efficient in comparison to endless folders filled with papers. However, this modern convenience is not all sunshine and roses; it poses dangers to businesses, clients, and everyday users of technology. There are malicious individuals who desire to gain access to private information through perverted use of the same technology. Organizations that keep data in electronic formats or perform any tasks electronically are at risk and need to be aware of the business issues posed by those individuals. Smaller organizations do not always perceive themselves to be at risk because they think that criminal hackers (crackers) and rogue insiders have no interest in them. That is not true; everyone is at risk, and crackers brag and collect badges no matter the scale of damage they cause. They do not discriminate: if they can hack into a system they will, even if it belongs to a non-profit organization such as UNICEF. See the attack statistics given below.
(1) 75% of all networks are vulnerable to an external attack, 95% with a secondary exploit.
(2) More than 65% of all networks are vulnerable to dial-in exploits.
(3) 100% of all networks are vulnerable to an internal exploit.
A 2005 FBI Computer Crime Survey announced that nearly nine out of ten organizations experienced a computer security incident within a year, and 20% of those indicated they had experienced twenty or more attacks. Given these high rates of security breaches, businesses should be concerned with the issues that may arise if they were to experience an incident. They should take measures to safeguard their organization, clients, and partners from the damages and threats of these intrusions.
Vulnerability management/assessment and penetration testing are the two most common methods used for security assurance and fixes. Penetration testing probes the perimeter of a network or facility, looking for its weaknesses. There is a tendency in the security industry to focus on one of the two methods, but it is important to use both since they complement each other. Organizations tend to be reluctant to employ penetration testing because of its inherent risks, but it is a vital tool. They should keep in mind that it is more specific and tangible than vulnerability assessments and is the only sure way to know that the security measures in place are functional.