Qualified Professionals Are the Best Defense
In spite of the many changes that have taken place during his more than 10 years in the IT industry, Rick Van Luvender, president of IT certification training provider InfoSec Academy, said one thing has remained the same: The best defense against viruses, worms, Trojan Horses, etc., is hiring skilled IT security personnel.
“At the end of the day, the information security strength of any organization is only as good as its people, policies and procedures,” Van Luvender said. “For organizations, the best investment they can make is people. Hiring someone that can understand the technologies involved, while respecting the fact that the business needs will dictate the level of security, is a tremendous asset.”
The value of capable security professionals will only increase, given today’s IT environment. Van Luvender noted that malicious code was a dangerous threat for any organization, regardless of size, infrastructure and trade, and added that more than $55 million was lost during the span of less than a year due to viruses, according to the 2004 CSI/FBI survey. Also, the average time between attacks for any given host connected to the Internet is approximately 19 minutes, according to research provided by the Internet Storm Center.
Van Luvender also pointed out how easy it was for a hacker, properly motivated and acquainted with the technology, to launch an attack on a system. For instance, the teen author of the Sasser virus was responsible for 70 percent of computer viruses received worldwide in the first half of this year. For home users, phishing scams perpetrated by theft rings continue to present a serious threat of identity theft.
Luckily, there is an ample amount of quality certifications out there for IT security professionals, as Van Luvender can attest. He holds CISSP, MCSE: Security and CompTIA’s Security+, to name just a few. Obtaining one—or better yet, a combination—of these and other certifications is the best way to acquire superlative security skills, he said.
Different companies will have different security strategies, which are based on a multiplicity of factors, but the common denominator will always be people, Van Luvender said. “After people, information security spending will vary from industry to industry, based upon the level of protection required. Individuals should invest time and effort in learning about the threats facing them, and the protective measures they should implement to protect themselves, including—at a minimum—antivirus/personal firewall solutions to help protect themselves.”