A long-time friend of mine in the IT publishing business is Frank Ohlhorst. I got to know him over more than two decades of his writing at CRN and elsewhere. Frank’s latest column is a bit disturbing for our forecasts for cyber security in 2015. His title alone will get our attention, 2015 prediction: Expect massive spikes in global information security threats. It is an interesting read for our clients in Orange, Los Angeles and Riverside counties who are interested in IT and Network security issues.
Here is a snippet of what he wrote:
Is the victim at fault?
When it comes to cybercrime, the complacency of the victims is sometimes at fault. While that does not excuse the criminal nature of the attackers, it does highlight the need for organizations to be proactive in protecting their assets – after all, the law only comes into play after a crime has be committed, meaning that the numerous anti-cybercrime laws on the books hold little sway against determined cybercriminals.
PwC is forecasting that global security incidents are on track to grow some 48% in 2015, which should strike a dissonant chord with the majority of security professionals.
With the idea of a security paradigm shift on the table, today’s cyber-defenders should be thinking in different terms than just traditional security initiatives, shifting their focus towards an ideology of “cyber risk management”, which is being fueled by an initiative founded by the NIST. The NIST has set forth a security framework (NIST Cybersecurity Framework) that stresses management over technology and highlights several best practices that should help organizations defend against the imminent threats posed by increasing cyber-attacks.
So what should you do at your company?
1. Identify your most valuable IT systems within your company. What is the most important data that resides there? Determine your obligations to protect that data and how important is it that those systems are up-and-running.
2. Do you have a current network/information security policy in place? Once you determine which systems and data are most important to protect, developing your policy becomes much easier.
3. Discover where you are most at risk. A quick and easy solution is to have someone perform a vulnerability assessment on your system. Alvaka Networks can help you with this. Vulnerability assessments are our most common security service we provide. It makes your work easy. We will help you match the protection needs of your most important IT assets with the vulnerabilities identified in the vulnerability assessment. From there you can easily create a roadmap for what you should do to protect you, your company and your IT assets from cyber-attack.
Contact your Alvaka Networks consultant or write to me directly at oli@alvaka.net or call 949 428-5000 x213 if you need some assistance in improving your security posture in 2015.
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.