Unfortunately, it is simply not enough to build a reliable
security system and leave it at that. In the brave new world
of networks, all information technologies are evolving at
breathtaking speed, and this applies equally to the nasty
tricks of the trade used by the cyber criminals. That is why
it is necessary to be prepared at all times for the latest
threats. This is a battle that never ends.
What then should we do to deal with evolving
threats? First, we should create a mechanism that can respond
rapidly to new attacks. Conventional security systems were based
on firewalls that block unauthorized access and ID- or
password-based authentication. This is literally a defensive
formation based on walls.
But such an approach is useless against enemies that possess
new techniques to pass through such walls. What is needed
is a more proactive, offensive formation.
Seen here is just such a proactive approach,
a network security IDS, or Intrusion Detection System. As its
name suggests, this IDS detects attempts to hack into a system
by analyzing the data flowing through a network and comparing
the results with a database of known patterns of attack. If
it identifies attempts at a denial of service attack, unauthorized
access or port scanning as a preliminary to attack, it immediately
raises the alarm and cuts communications. The corporate network
is thus protected. What is of special interest here is the
database: by updating it with the latest attack patterns,
it is possible to handle each new hacker's trick that
comes along.
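
The matching-and-update loop described above can be sketched as follows. This is an added example, not Mitsubishi Electric's product code: the class name, thresholds, pattern strings and sample traffic are all constructed for illustration, and only payload signatures and the port-scan check are shown.

```python
from collections import defaultdict, deque

class SignatureIDS:
    """Toy detector: payload signatures plus a per-source port-scan heuristic."""

    def __init__(self, signatures, scan_ports=5, window=10.0):
        self.signatures = dict(signatures)  # name -> byte pattern (the "database")
        self.scan_ports = scan_ports        # distinct ports that count as a scan
        self.window = window                # sliding window, in seconds
        self.recent = defaultdict(deque)    # src -> deque of (ts, dst_port)
        self.blocked = set()                # sources whose communications are cut

    def update_signatures(self, new):
        """Add newly published attack patterns without restarting the detector."""
        self.signatures.update(new)

    def inspect(self, ts, src, dst_port, payload):
        """Return alert names for one packet; any alert blocks the source."""
        if src in self.blocked:
            return ["dropped"]
        alerts = [n for n, pat in self.signatures.items() if pat in payload]
        q = self.recent[src]
        q.append((ts, dst_port))
        while q and ts - q[0][0] > self.window:   # expire old observations
            q.popleft()
        if len({port for _, port in q}) >= self.scan_ports:
            alerts.append("port-scan")
        if alerts:
            self.blocked.add(src)
        return alerts

# Constructed sample traffic (documentation address ranges, placeholder patterns)
SCAN = [(float(i), "192.0.2.10", p, b"") for i, p in enumerate([21, 22, 23, 25, 80])]
NEW_TRICK = (20.0, "198.51.100.7", 80, b"GET /index.html?x=EXAMPLE-NEW-PATTERN")

def run_demo():
    ids = SignatureIDS({"known-bad": b"EXAMPLE-OLD-PATTERN"})
    scan_alerts = [ids.inspect(*e) for e in SCAN]
    before = ids.inspect(*NEW_TRICK)   # pattern not yet in the database
    ids.update_signatures({"new-trick": b"EXAMPLE-NEW-PATTERN"})
    after = ids.inspect(*NEW_TRICK)    # same packet, updated database
    return scan_alerts, before, after, ids.blocked

if __name__ == "__main__":
    print(run_demo())
```

The same packet passes unnoticed before the update and raises an alert after it, which is why the freshness of the pattern database decides what this kind of system can catch.
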
To ensure seamless security, it is not just
the information system that you need to think about: it is
important not to forget the human component in the formula.
Difficult though it may be for managers to believe, according
to one report 83% of cases where confidential information
was compromised were inside jobs, perpetrated
by employees. And of course, not all breaches are necessarily
intentional. Someone might unknowingly infect the network
with a virus as a result of browsing recreational Web pages;
another might unwittingly introduce a Trojan horse into the
system by installing a freeware program. The carelessness
of a single employee can thus expose the whole company to
untold danger. In order to keep your corporate networks safe,
it is essential to raise security awareness among all members
of your staff and make sure that they put into practice established
procedures.
To improve the security of both information
and human systems and implement best practices, many companies
are now introducing and implementing security policies. The
objective is to protect the information that represents a
very considerable corporate asset. A security policy effectively
coordinates security regulations and countermeasures. Based
on the British BS7799 specification, an international standard,
an ISMS conformity assessment system has been started in Japan. Naturally,
Mitsubishi Electric offers full support for accreditation
under this system, from consulting to actual implementation
and management.

In the world of security, a proactive strategy
that covers both systems and staff will lead to victory in
the battle against cyber crime. At the same time, it will
surely lead to success in business. The introduction and implementation
of a security policy is beginning to have as much of an impact
on the way a company is perceived as ISO accreditation.
In the network age, Mitsubishi Electric is
working hard so that your company will be fully trusted by
its customers and corporate partners.