Applying control to cyber crime

Application control solutions are vital in the ongoing battle against security threats that use social engineering techniques, warns Stuart Small

Cyber crime is constantly evolving and the growing increase in the number of threats that use social engineering techniques is causing concern for several businesses. All it takes is for one user to click on a malicious link and a firm’s network can be brought to a grinding halt.

However, the same could occur if employees decide to secretly download the latest Bond film, unbeknown to the IT administrator. Yet to date there has been limited recognition that these problems often stem from the same root – employees. For resellers facing the day-to-day slog of trying to convince companies of why one security solution is superior to another, this could represent a golden opportunity to differentiate and win new business.

Application control represents a challenge for many organisations, particularly those based across multiple sites. Nearly half of all organisations do not know which applications are running across their networks and even those with strict IT security policies struggle to prevent employees downloading and using programs.

Staff do not usually intend to cause network problems or jeopardise security, but equally they often are not aware that by engaging in these activities, they could be compromising important data and inviting malware attacks. Also, they are doubtless aware that playing games or messaging friends is not likely to win them ‘employee of the month’.

While IT departments have in some cases turned a blind eye to what they struggle to control, cyber criminals are now making these users the vehicle of their increasingly strategically targeted attacks, which aim to steal both money and information from their victims.

Thus far, network management products have been inadequately integrated with security solutions, leaving gaps for cyber criminals to exploit. Now, as a new wave of combined offerings is hitting the market, resellers must demonstrate how to effectively implement these previously diverse elements, while providing ease-of-use and management. Succeed here and they will be able to present businesses with a compelling argument for turfing out existing security solutions and adopting an integrated approach to threat management and network control. C

Stuart Small is sales and marketing director at Sophos.