Basic IT security is essential, claims EventTracker

Friday 22 March 2013

Irrespective of the financial difficulties they may be facing, businesses cannot afford to overlook information security, it has been claimed.

EventTracker's chief executive officer A N Ananth said that unpatched systems or unprotected network perimeters "are very quickly breached".

"It is unthinkable that anything less than a 'basic' level of security is acceptable for operations," he told SC Magazine.

"This level is not a luxury, but a cost of doing business for operations of any size."

Mr Ananth suggested that, facing tough financial constraints, business leaders may be able to accept much greater risk than in prosperous times.

"Management accepts that a 'basic' level of security spend is necessary, but finds it hard to determine how much security is enough," he noted.

At the very least, businesses should invest in "staples" such as authentication, encryption for remote access, patch management and anti-virus software, Mr Ananth claimed.

Vulnerability scanning, intrusion detection and a security information event management system may also be deemed necessary by many organisations.

"When considering controls beyond these 'basic' protections, the IT asset owner is often in a better position than the security team to evaluate risk and, if cuts are required, to accept compensating controls," the expert claimed.

"Such an inclusive approach is more likely to be successful, as it includes business rationale."

Posted by Alex Boardman