LUCHS.AT - Security - Improving the Security of IT Infrastructure against Cyber Crime and Government

Ever since the espionage scandal hit the news in Summer 2013 we have been busy checking infrastructure and software configuration in order to improve the defence against intrusions, network traffic capture, and attacks. The leaked documents clearly erase the boundary between cyber crime and state-sponsored attacks. This is nothing new. Defending information technology has always been agnostic with regards to the identity of the attacking party. Their resources play a crucial role though. Most government agencies have budgets companies and organisations cannot compete with. Improving your security should be done any way, and here is why.

There is no such thing as a static defence. You will always have to deal with change. Software upgrades is the main reason for change, but so are new algorithms or capabilities. Cryptography is a good example. Encryption is a basic component of securing data transmissions and storage. NSA, GCHQ, et. al. weakened cryptographic implementations and standards. Too many enterprises rely on outdated algorithms and a wrong choice of configurations. Reviewing your crypto capabilities is a good start. While you are doing this, also review your choices of data storage, outsourcing companies (think "cloud" which can be easily attacked without your knowledge of compromise), and components you use for transporting or holding your data. Since vendors have been affected by the espionage scandal, you might have to change your options by changing suppliers entirely.

Cryptography is just a start. We have been very busy reviewing and adapting our own infrastructure. We can help you to make the attacker's job as hard a possible without stretching your budget to NSA scale. Just give us a call or send a message.