Around two years ago, the company’s IT department came under attack from spyware infections. A high number of the 150 employees’ machines were affected.
‘It was really holding us back, slowing internal and external communications and jeopardising potential sales,’ Dixon says.
He freely admits that criminal gangs specifically targeted the company because it operates in the security arena and has worked with clients like Heathrow Airport, London Underground and the Ryder Cup golf tournament.
Who’s vulnerable?
Leslie Forbes, who is technical manager at IT security specialist F-Secure, suggests the nefarious hackers are mainly operating in China, Russia and the US. He says that while it’s mainly the larger companies that are being infiltrated, smaller outfits will soon be on the hit list and, when it starts, a lot of damage could be done.
A reason for the increase in IT breaches and identity thefts is partly due to remote working. Matt Fisher, vice-president of software venture Centennial, comments: ‘IT managers are increasingly aware of the dangers of infections from USB sticks and other removable media devices. They now tend to be ranked above internet viruses and malware as the number one risk.’
Fisher comments: ‘What we’ve seen in the past 24 months is that no PC now ships without a firewire port, Bluetooth adapter or WiFi port, so the avenues for getting information off a company’s network have doubled, if not tripled in a short space of time.
‘It means that a firewall or content filtering system is futile in preventing employees from removing this kind of [sensitive] information from a company’s security perimeter.
‘An employee can now copy stuff to a USB stick, PDA or an iPod. Although we see iPods as music devices, they’re just portable hard disks.’
According to Fisher, even these kinds of breaches can be stopped by encrypting portable devices and locking down machines’ security privileges so employees can’t use CDs, MP3s or other devices.
While IT managers may understand the risks, Fisher believes that others still need to be educated. ‘Where I think the work needs to be done is among the decision makers in the boardroom and senior management,’ he comments.
Dixon needed to persuade senior management to invest in a solution to block the hackers. After looking at various anti-spyware software, a friend in the US recommended a piece of hardware called the Barracuda Web Filter. He says that, since installing the device 18 months ago, spyware is no longer a problem.
Dixon, Fisher and Forbes are in agreement that relying on standard anti-virus (AV) software is no longer good enough, no matter whether you’re an SME or a multinational.
John Dunne, IT security manager with Grant Thornton’s risk management services, states: ‘The threat to IT systems will always be one of the highest risks to any company, regardless of its size.’
Dixon observes that a lot of breaches occur when people click on attachments or even try to update their AV software. ‘There’s no real solution to the problem,’ he says, adding that you just have to be vigilant and keep up to speed with the latest threats and solutions.