Contributor:
Andrew Avanessian
October 29th, 2014

Unravelling the World Wide Web and its impact on IT security

Last year, 73% of the UK population accessed the internet every day, according to figures from the ONS, and in our workplaces, more and more time is spent online.

Today’s workers expect full access to online content in order to do their jobs effectively. With the rising influence of millennial employees, an increasing number expect to be able to access social media and other personal content at all times too.

But what does this mean for security? Breaches are at their highest level in UK history, with the ‘McAfee Labs threats report, fourth quarter 2013‘ noting 288,000 global malware samples each day – around 200 per minute. Heartbleed affected an estimated 600,000 internet sites, while an experiment by McAfee in 2014 revealed that 80% of workers fall for a phishing email at least 14% of the time.

There are a number of security strategies that IT professionals can adopt to combat this rise in security breaches. But we know, from our research with Ponemon as part of the Get on with IT campaign, that perceptions of effectiveness bias efforts towards managing traditional, reactive technologies which may be easier to implement, rather than prioritizing those which are proven strategies, likely to reduce time wasted elsewhere.

The Ponemon study found that IT and security professionals in the US spend 34% of their time managing user profiles and 48% securing the endpoint. The challenge then is to determine ways to improve the IT department’s productivity and free up time to be strategic, creative and profitable.

So what’s the solution?

To ensure workers have the online freedom they need while preventing attacks, a holistic approach to security based on DiD (defense in depth) strategies is required. Evidence suggests that to combat increasingly complex attack vectors, organizations need to adopt a layered strategy that prioritizes high-impact solutions, such as privilege management, application whitelisting and patching.

However, sometimes advanced persistent threats can still slip through the net. Vulnerabilities in web browsers, Java and software such as Adobe Reader and Microsoft Office still exist and malicious code can enter a network as workers go about their daily tasks if the latest patches are not in place.

To close the gap, organizations can turn to sandboxing, which safely contains web threats, isolating any malicious activity. This final layer of defense allows individuals to browse the web freely, so that productivity is unaffected, providing additional security and peace of mind.

Avecto’s new endpoint security solution Defendpoint addresses this challenge by providing a three-layered approach to overcome unknown threats, ensuring that the user experience remains a key priority. We know from experience that success depends on addressing the needs of the user, up front and throughout the security project.

See Defendpoint in action here.

More from the Blog

Related technology and security insights

  • 28
    Jun
  • Story related

    NotPetya ransomware: Attack analysis

    On June 27, 2017 a number of organisations across Europe began reporting significant system outages caused by a ransomware strain referred to as Petya. The ransomware is very similar to older Petya ransomware attacks from previous years, but the infection ...