|
|
| Intrusion
Audits - Taking Back Control
|
| If
access controls fail, it's just
a matter of time until you're
exploited by an intruder. |
| Hackers
from China, Hackers from Russia.
Over 40 banks compromised. 485,000
credit card numbers stolen and
stored on a government system.
And these are just a few of
the stories which have surfaced
recently. |
| Intrusions
can happen from inside your
network (users with authorized
access to systems) by disgruntled
employees, temporary contractors
who have no vested interest
in seeing your company succeed,
or vendors seeking revenge against
another vendor (it happens).
|
| Or,
intrusions can happen from the
outside, via modem, Internet
hack through a weak firewall
or filtering router, workstation
remote control software or other
medium. This is the 80/20 threat.
If it's an internal hack, the
matter can be dealt with quietly.
If it's an external hack, it's
outside your direct control
and may end up on CNBC or the
front page of the Wall Street
Journal tomorrow morning. News
of intrusions destroys investor
and client confidence.Consumer
confidence slows measurably
following widely publicized
intrusions... and there are
still consumer concerns regarding
security and online shopping.
Will e-commerce die as a result?
Absolutely not. BUT, the negative
news stories can slow things
down considerably. |
| If
your company is the victim,
an unmeasurable amount of damage
can be done with your client
relationships. Companies can
maintain positive consumer confidence
by proactively auditing their
systems, networks and methods
of control. Tell your clients
if you use an external security
consulting firm - which sends
customers the message that the
business they're using is serious
about protecting their personal
information and trust. |
| By
auditing your company's systems
and networks, opportunities
for intruders are greatly minimized.
If a security breach does occur,
call us to help identify who
it is, close the intruder's
point of entry to your systems,
and put a stop to it ASAP. If
your company has us on retainer,
we will have our Tiger Team
on-site usually within hours.
|
| If
you request a Tiger Team on-site,
we'll preserve evidence, gather
whatever audit trails are available,
work to determine the source
and identity of the intruder,
and - if you decide, team with
law enforcement officials and
the district attorney's office
to prosecute the perpetrator.
|
Of
course, this is the worst case
scenario, and most companies
choose to simply close the vulnerability
and move on. That's not a bad
decision... if millions of dollars
aren't on the line. But if it's
a high stakes game, consideration
needs to be given regarding
getting experts on-site as soon
as possible.
|
|
