A recent report by Computer Business Review suggests that 41 per cent of organisations are planning to increase their IT security budget by 16 per cent in 2014. Two-thirds of organisations revealed that they were concerned about security issues after seeing a flurry of news reports showing how security systems can be breached and private data infiltrated. Mark Kedgley, CTO at New Net Technologies (NNT) comments:” With cyber-attacks becoming ever more sophisticated, it is extremely important to ensure that your IT security is more advanced than the threats against your organisation.” Owing to complacency or naivety, too many organisations have failed to adapt security processes and procedures to reflect the changing threat landscape where the Advanced Persistent Threat (APT) is targeted, designed to steal valuable data” and leave no trace. Kedgley adds:” Businesses need a completely infallible way of detecting the presence of malware if and when it does manage to bypass the perimeter. The back stop to traditional defences ideally needs to be a real time alert triggered by any change to file structure that might indicate compromise or the beginning of the slow move towards the central core of the business.” In the mature threat landscape, File Integrity Monitoring (FIM) must be considered. FIM is proven to radically reduce the risk of security breaches; it raises an alert related to any change in underlying, core file systems” whether that has been achieved by an inside man or an unwittingly phished employee introducing malware, or some other zero day threat blasting unrecognised past the Anti-Virus defences. Flagging up changes in this way ensures there is no chance of an APT gaining hold; no risk of the stealth attack that gets in and out leaving no trace” there is a trace and the business is immediately notified.
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.