There is growing evidence that we are entering a new and dangerous phase in the IT security threats that organisations face.
For years, the received wisdom has been that if you have an Apple Mac, you’re safe; that there’s no real threat from the insecurity of smartphones; that you only need to worry if you’re using Microsoft.
Well, in the past week we’ve seen 600,000 Macs infected with the Flashback Trojan and Apple showing its complacency after a slow response to the threat. Security experts are increasingly warning that hackers are turning to smartphones, especially as businesses start to allow staff to use their own devices at work and those employees increasingly use their phones for sensitive tasks such as online banking.
Microsoft, meanwhile, recently launched a new trustworthy computing initiative, and is seen in many quarters as an example of how software providers should respond to threats.
How times change.
Look at perhaps the three fastest growing trends in IT today – cloud, mobile and big data. They are, in essence, all about taking applications and data out from behind the corporate firewall; about giving access to corporate systems to employees anywhere, anytime; and about putting large volumes of critical data into the hands of as many people as possible to help improve decision-making.
You can hardly imagine three things more likely to give IT security chiefs palpitations.
It’s no good simply saying, “This is bad, we must do something about it.” That’s been the cry of the frustrated since the first computer virus was detected, and we should be used to the fact by now that too many IT suppliers do not put security at the forefront of their design and development. With the growth of consumerisation, that’s not going to change.
But perhaps the statistic that should resonate most is that only 1% of all cyber attacks are from previously unknown threats – the other 99% are from things we know about.
If there is one lesson learned from tackling cyber threats to date, it is the importance of getting the basics right. No matter how the threats are changing, that’s the security mantra that all IT managers should follow.