Posted on: Wednesday 19 September, 2012 2:07
|Symantec Advises Businesses in Saudi Arabia on IT Best Practices in the Midst of Growing Regional Concerns for Information Protection
Cybercrime, spam and targeted attacks are on the rise worldwide, and the Middle East region is no stranger to this. According to the Symantec’s July Intelligence Report, Saudi Arabia is the most spammed country worldwide, with spam levels reaching 79 percent of all e-mail traffic. In addition, the ‘digital universe’ is predicted to grow in the next few years underscoring the importance for businesses to adopt proper backup solutions.
Today organizations in Saudi Arabia – whether public, private, small or large – need to take a different approach to IT. There has been a rapid expansion of information and mobile use in the workplace; making backup and proactive information protection vital. The main challenges facing businesses today is reducing cost, minimizing cyber threats, and protecting information while simultaneously embracing digital trends and enabling flexibility in the workplace through the use of mobile devices and cloud solutions.
• 48 percent of businesses find mobility somewhat to extremely challenging and 41 percent identified mobile devices as one of their top three IT risks (2012 State of Mobility Report).
• Information costs businesses $1.1 trillion annually (2012 State of Information Report).
• The most commonly faced issue among SMBs in Saudi Arabia is the inability to recover data from their backup devices, and 52 percent have lost data due to power failure in the last year (Symantec’s 2012 Middle East SMB Survey).
• Only 25 percent of IT teams have cloud computing experience; and 50 percent of organizations rate themselves as less than somewhat prepared to adopt cloud solutions (Symantec’s State of Cloud survey)
• Businesses have suffered an average loss of $247,000 in the past year based on financial expenses, data loss, damage to the brand, and loss of customer trust as a result of mobile adoption (2012 State of Mobility Report).
Information Management is Critical
A mere 31 percent of SMBs are backing up their data daily and of those, 67 percent are using external devices to do so, according to Symantec’s 2012 Middle East SMB Survey in Saudi Arabia. Organizations across the region are also suffering from the lack of an effective information protection strategy and Disaster Recovery plans, resulting in damaged brand reputation, increased risks, data loss, and increased operational expenses.
Symantec’s backup appliances, that are now available in Saudi Arabia, deliver an end-to-end integrated backup appliance for servers, storage, and software – resulting in 100x faster backups and an average 40 percent reduction in operating costs; and ensuring companies that their information is secure, stored, protected, and available.
In addition, cloud computing offers significant cost savings for businesses while introducing improved security by allowing patches to be deployed quickly, and providing better protection for services which have high potential for malicious activity, such as email.
Sophisticated Cyber Criminals
The Duqu, Flamer and recent Shamoon attacks have brought attention to the rise of targeted attacks in the Middle East and their ability to negatively impact business operations, bringing down entire systems, reducing work productivity and sometimes rendering organizations inoperable. In the case of Shamoon, there were less than 50 infections globally at a maximum of two networks, making the attack hyper-targeted towards energy companies in the Middle East. Adding to business concerns, Symantec’s Global Internet Security Threat Report, Volume 17 found that the number of malicious attacks towards organizations skyrocketed by 81 percent in the past year.
As Saudi Arabia and its neighboring countries in the Middle East are key emerging markets in today’s global economy, it is no surprise that we are seeing an increase in targeted attacks directed towards this region. Cyber criminals have become very advanced in their methods and timing – making the attacks even more devastating to the companies they hit and information recovery nearly impossible.
Mobile Security Threats Rising
Employees are bringing their smartphones and tablets into the corporate environment faster than many organizations are able to secure and manage them; leading to an increase in data breaches. Malware authors are now creating mobile-specific malware geared to the unique mobile opportunities. These threats are designed for activities including data collection, the sending of content, and user tracking.
According to Symantec’s State of Mobility Survey, 67 percent of companies are concerned with malware attacks spreading from mobile devices to internal networks. In addition, Symantec’s latest Internet Security Threat Report highlighted that mobile vulnerabilities increased by 93 percent in 2011 and that threats targeting the Android operating system are on the rise. Employees will continue to add devices to the corporate network to make their jobs more efficient and enjoyable so organizations must plan for this legally, operationally and culturally.
Best Practice Tips:
1. Secure Environments and Centrally Manage Data: The top four means of hacker incursion into a company's network are by exploiting system vulnerabilities, default password violations, SQL injections, and targeted malware. To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The response team should run network tests and penetration testing centrally to ensure consistent deployment of security policies, patches, encryption capabilities, and information access.
2. Proactively Protect Information and Implement a Disaster Recovery Plan: Companies need to change their mindset from “this will never happen to me” to “this will definitely happen to me.” Businesses must accurately identify and proactively protect their most sensitive information wherever it is stored, sent, or used. Using technology to monitor and protect information, the security team should be able to continuously improve the plan and progressively reduce risk based on a constantly expanding knowledge of threats and vulnerabilities. Data loss prevention and security event management solutions can combine to prevent data breaches during the outbound transmission phase.
3. Enforce IT Policies and Educate Employees: A single negligent user or unpatched computer is enough to give attackers a way into an organization from which to mount additional attacks on the business from within. By assessing the effectiveness of the procedural and technical controls in place and automating regular checks on technical controls such as password settings, server and firewall configurations, and patch management, organizations can reduce the risk of a data breach. Users should be protected and educated with identity and access control, two-factor authentication and conduct security awareness training.
4. Think Strategically about Mobility: Build a realistic assessment of the ultimate scale of your mobile business plan and its impact on your infrastructure. Mobile devices are legitimate endpoints that require the same attention given to traditional PCs. Many of the processes, policies, education and technologies that are leveraged for desktops and laptops are also applicable to mobile platforms. The management of mobile devices should be integrated into the overall IT management framework and administered in the same way.
5. Trust the Cloud: Protection must focus on the information, not the device or data center. Businesses have to separate useless data from valuable business information and protect it accordingly by implementing dedupication and archiving and storing less to keep pace with exponential data growth. Since devices are essentially access points to the cloud, mobile and desktop devices need the same multi-layer protection we apply to other business endpoints.