For most midsize organizations, Windows plays a major role in keeping their business running and their employees productive. But these organizations often fail to appreciate the vulnerabilities in Windows-based systems that place them at risk. Each day, midsize organizations face such challenges as backing up mission-critical data, protecting users from viruses and other “malware,” and keeping their customer information and other intellectual property from falling into the wrong hands.
This article explores these and other challenges that Windows-centric IT shops encounter today. It then shows why midsize organizations, which typically do not enjoy the level of IT resources of large enterprise operations, must act now to ensure the security and availability of their data, systems, and applications.
A continuously evolving IT environment
In today´s fast-paced networked world, the free flow of information is essential to success. Midsize organizations are challenged to improve the ways they share information among employees, partners, suppliers, customers, and other constituents. But as the pace of business continues to accelerate, the IT environment in which these organizations operate has undergone an unprecedented transformation in the past decade. Consider these aspects of today´s “threat landscape”:
Attacks – Denial of Service (DoS) attacks target a computer system or network and cause a loss of service to users. This typically involves a loss of network connectivity and services due to a deliberate maximum consumption of bandwidth or overloading of computing resources of the victim. In the second half of 2005, the average number of DoS attacks detected per day was 1,402, an increase of 51% over the first half of the year, according to Symantec research.
Malicious code – Over the second half of 2005, more than 10,992 new Win32 viruses and worms were documented, a 49% increase over the same time period the year before, according to Symantec. Malicious code is increasingly being used to generate profit and expose confidential information. During this period, 80% of malicious code exposed confidential information.
Vulnerabilities – In the second half of 2005, 1,896 new vulnerabilities were documented by Symantec researchers, the highest recorded number since 1998. Overall, 40% more vulnerabilities were identified in 2005 than in 2004. Web application vulnerabilities made up 69% of all vulnerabilities during this period. And the average time between the announcement of a vulnerability and the appearance of exploit code was 6.8 days.
While these “threats” are typically considered security-related, there are other issues that can cause concern for midsize organizations. These include:
Exponential increase in data volumes – Data volumes continue to grow at 40% to 60% each year, making it more and more difficult for administrators to back up mission-critical data in acceptable time frames (or within available backup windows). In addition, the need for instant, on-demand data recovery is becoming increasingly vital for business operations.