Government was the top market sector receiving denial-of-service attacks in 2007, according to the latest Symantec Government Internet Security Threat Report. The public sector also topped the list for the number of identities exposed and was the second highest for the number of data breaches, according to the same report.
"Governments store a lot of citizen information, and the attacks have changed to become much more targeted toward finding personal information," said Gartner Analyst John Pescatore. "They are targeting state government, in particular, since there is a lot of citizen information and government employee information. These targeted attacks are a major trend change from three years ago, where there were more broad and random attacks that hit everyone differently."
As the laundry list of security threats continues to grow, CIOs must stay on top of these security trends and strategies:
- Manage risk at a higher level.With an increasing number of sources that need coverage, organizations have begun to shift security resources and decisions to higher-level decision-makers such as chief information security officers. Some officials encourage a combination of professionals focused on security and privacy, allowing organizations to cover the many bases of IT security.
- Protect portable data.One of the biggest government IT security issues is the protection of secure data from portable sources. Recent security strategies include using data-encryption software, network access control software and increasing wireless IT security.
- Secure Web applications.As senior research manager for Symantec Security Response Ben Greenbaum stated, there is an "increased focus on the Web as a medium for malicious activity. ... By actively leveraging the Web as a primary application for intrusion through trusted sites, hackers can leverage vulnerabilities to compromise thousands of individuals." Because of the extreme vulnerability of Web sites and Web-based applications, Web-application security is an increasingly significant security trend.
- Secure your endpoints.Endpoint security has emerged as an important tool to protect the organization's internal network. The term refers to measures taken to secure endpoints within an organization, including laptops, PDAs and other personal-computing devices. Vendors such as Symantec, Sophos and McAfee have begun to sell endpoint security products.
- Don't forget the basics.Part of a successful IT security plan is to use common sense by starting with the basics from a number of security best practices, such as keeping security programs current and performing basic IT security maintenance. According to Gartner's John Pescatore, it is key for security managers to implement proper security measures at the beginning of any new project. "Security is not just to run around at endpoints and try to keep the bad guys out," he said. "Let's build security in everything we're doing."
The bottom line: From consolidating security expertise to simply updating security programs, CIOs must tackle IT security from a number of angles in order to protect against the growing number of vulnerabilities.