Where is IT Security in your priorities?

Where does your company stand on IT Security issues?   What steps are you taking to combat the rising trend in computer attacks?  Cyber Security is an important area of concern these days.  If you aren't prepared, you can easily fall victim to an attack without warning.   The Wall Street Journal reported [1] that

The Defense Department detected 360 million attempts to penetrate its networks last year, up from six million in 2006. The Pentagon alone has spent $100 million in the past six months repairing damage from cyberattacks.  

U.S. officials acknowledge that the hackers, believed to be mainly from Russia and China, are having some success. The Wall Street Journal reported this spring that cyberspies breached both the nation's electricity grid and the Pentagon's biggest weapons program, the $300 billion Joint Strike Fighters."

And CNN reported [2] that

The Department of Homeland Security reports the number of cyber attacks on government and private networks increased from 4,095 in 2005 to 72,065 in 2008.

This month, a Transportation Department audit -- carried out after hackers got into a support system containing personnel records -- indicated the nation's air-traffic control system could be at risk."

Companies have an obligation to protect the assets that they have become entrusted with, including the private data of their customers.  The Federal Government has recently issued the Cyberspace Policy Review [3], a "clean-slate" review to assess U.S. policies and structures for cybersecurity.  In light of this, here are some items for you to consider when it comes to doing a quick assessment of where you are:

1. Do you have an IT Security Policy in place?
2. Do you have a firewall in place?
3. Do you have anti-virus software in place?  Are their subscriptions up-to-date?
4. Do you allow remote access?  If so, do you use VPNs?  Dialup?  Other?
5. How quickly are user accounts disabled upon termination of employment?  Are they?
6. Do your users share passwords?
7. Do you have a password expiration in place?
8. What is your Incident Response Plan?

The threat of Cyber Crime is a real threat.  On January 18th, 2008, SANS published CIA Confirms Cyber Attack Caused Multi-City Power Outage [4].  This article quotes US Central Intelligence Agency senior analyst Tom Donahue  as saying: 

"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

According to the Cyberspace Policy Review [3], 

The Federal government has the responsibility to protect and defend the country, and all levels of government have the responsibility to ensure the safety and well-being of their citizens. The private sector, however, designs, builds, owns, and operates most of the network infrastructures that support government and private users alike. Industry and governments share the responsibility for the security and reliability of the infrastructure and the transactions that take place on it and should work closely together to address these interdependencies.

This means that we share in the responsibility for the security and reliability of the networks that we design and support.  If you haven't begun thinking about IT Security, now is a good time to start.  At Waves Corporation, we will work closely with you to identify your needs and work within the budget that you provide.  We recommend and support F/OSS (Free / Open Source Software) whenever possible to help reduce your implementation costs and ongoing maintenance costs.