Network administrators are too reactive to security threats, and should take a more proactive approach to their organisation's security, according to Barracuda networks.
Stephen Pao, general manager of security business at Barracuda, said too many organisations only deal with a security threat – such as the Heartbleed vulnerability – after it has occurred, without putting precautions in place before the issue arises.
Pao said: “Rather than being reactive to every individual threat that comes by – that would just be overwhelming – the alternative is to take a proactive approach, identify your threat vectors and provide comprehensive security across those threat vectors.”
Email, remote access and network users pose the largest threat to systems. Barracuda Labs said cyber crime costs businesses $400bn a year.
Pao explained that even the smallest industry changes – such as switching from Microsoft's XP operating system (OS) to Office 365, or upgrading Exchange – can lead to exposed vulnerabilities, due to a change in consumer behaviour and usage.
“The nature of how you protect the data changes a lot, just based on your application environment – and security is the worst, because it is a constant cat and mouse game,” said Pao.
Read more about BYOD
Conquer BYOD risks with mobile device management
BYOD and the issue of privacy
Consumer technology raises risk
Barracuda has seen an increase in web-based application uptake, which has also led to a lack of understanding of how these applications create vulnerabilities.
“I think what’s really created an uptick is administrator fatigue, as they’ve realised the old ways of protecting their data from internet threats just don’t work anymore,” Pao said.
This is mostly fuelled by an increase in BYOD and shadow IT, as users are progressively introducing technologies into businesses which increase the risk of threats.
And research by Ovum and Dimension Data found over 60% of organisations cannot adopt a bring your own device (BYOD) policy due to business risk and compliance rules.
“It’s often not just about security, it’s also about providing a policy to protect the viability of the workplace,” Pao said.
“To keep the user experience where it is, now all of a sudden the person that was just listening to internet radio in the background is actually producing a real threat to the productivity of the workplace, so it’s just about how you prioritise or block that traffic.”
An increase in iPhone and iPad users has created a cohort of users who don’t know how to properly use their technology. Since they can install their own apps, everyone thinks they’re an administrator.
Now connectivity is so widely available – for example, with public Wi-Fi hotspots – there is a substantially increased risk of infection.
“People don’t often understand the implications of what they’re doing, and so it really does put the onus on administrators to control what’s happening in the network, because a lot of the environment is chaotic now,” Pao said.