On Sundays, I try to relax and not think about IT security, but an interesting story on the front page of theWashington Post got my attention. In 1969, the Pentagon’s Advanced Research Projects Agency pioneered a computer network linking about 100 universities and military sites. It was called ARPANET, and it was the beginning of what later became the Internet. Fast forward, and the Internet permeates the business world, which would look very different without that Pentagon military project over 46 years ago.
From the beginning, some computer scientists warned that the Internet and its data transmission standard — Transmission Control Protocol/Internet Protocol (TCP/IP) — was vulnerable to hackers if it did not incorporate encryption. For this reason, the military created its own encrypted network, still using TCP/IP, but the civilian Internet kept its fundamentally open nature. Encryption, and the hardware needed to support it in the early days of the Internet, would have been very costly, perhaps even preventing the nascent Internet from succeeding.
Of course the Internet did succeed, and the first worm appeared in 1988, created by a Cornell University graduate student. Today, over 10,000 new malware threats are discovered every hour, a quarter million a day.
Billions of dollars are spent each year on anti-phishing, anti-malware, anti-spam and other security solutions, yet threats still find their way into many small-to-midsized businesses (SMBs). What can be done? What is the antidote to this epidemic of phishing, next-generation malware and other threats? Unfortunately, there is no magic solution, but enterprises can take some recommended steps. SMBs without an IT department can consult with a managed service provider (MSP) for help in implementing these security best practices:
effective training for users to detect phishing attempts
detailed and thorough company policies that encourage acceptable user behavior
enterprise-grade alternatives to less secure consumer-focused tools
layered security solutions that better thwart malware, phishing attempts and other threats.