With the average cost of a single security breach at over half a million dollars, IT professionals acknowledge the need for proactive, enterprise-wide network security. In today’s business environment, the trend towards increased involvement of business leaders and legal departments is an interesting dynamic for the security industry as a whole.
Counting the costs can be difficult. According to the 2004 CSI/FBI Computer Crime and Security Survey, worms account for the most significant losses and cost the 269 companies surveyed over $55 million. Denial of Service attacks were the second most significant at $26 million. Globally, analysts estimate that in 2004 the Bagle, Netsky and Mydoom worms caused billions of dollars in lost productivity and IT restoration services.
Beyond these immediate costs to businesses, the impact of worm and virus attacks can be far-reaching. They cause inter-host relationships to change by using multiple vectors to spread spyware or Distributed Denial of Service (DDoS) attacks. This chokes the network with unnecessary traffic, consuming bandwidth and degrading the performance of networked voice, video and data applications, thereby reducing the ability to carry out normal business transactions. Adding to the critical need for network security is the growing trend towards regulatory compliance. New regulations and standards oblige industry sectors to implement mandatory risk prevention and investigative response plans to protect private client data. Many professional associations and industry groups have now mandated self-imposed policies for their members.
Integrated security solutions as well as best practice methodologies help you to protect every point in your enterprise architecture, including campus, data center, branches and remote workers, from worm, virus and DDoS attacks. With this level of enterprise-wide protection you are in a position to protect, optimize and grow your business.
An absolute priority for enterprise organizations is the ability to avoid, mitigate and quickly recover from potentially costly business disruptions caused by worm, DDoS, and virus attacks on the network. It is equally important to safeguard confidential data to meet self-imposed or regulatory privacy protection standards. Also critical is the privacy of potentially sensitive corporate voice and data communications in transit. The final prerequisite for network security is uninterrupted staff access to business applications, which enables enterprise organizations to meet business continuance and resiliency requirements. Pervasive, integrated security helps protect against and, in some cases, prevent costly interruptions and network failure.
Integrating security at every level of your network protects organizations and enables users to confidently use the network to optimize business methodologies and operations.
An enterprise network that can support mandatory security measures allows businesses to commit to new programs and roll out new services, products, and improved business practices. Robust, enterprise-wide network security provides a competitive advantage and a measurable Return On Investment (ROI).
Increasingly intelligent and integrated security technology, alongside better collaboration with the industry, arms modern enterprises with more effective methods of dealing with network threats. Knowledge of security will soon, if not already, become as important as knowledge of IP, as it affects users at all levels within an organization, from CEO and managers to technical and non-technical staff.
The author is security marketing manager at Cisco Systems.