
Most organizations understand the need for effective external information security.
Security officers should have a basic understanding of how to construct network
defenses using firewalls, demilitarized zones (DMZs) that separate the public internet from internal networks, content filters and intrusion detection systems. But, unfortunately,
securing an organization's information assets is a complex process. Networks grow and change in nature and structure.
Internet security threats continue to evolve. Regular testing and strengthening of
defenses are needed to ensure they are fit for purpose.
Research shows that although 80 percent of organizations use some form of firewall, more than half have no other security technology in place.
This alarming statistic highlights the need for a holistic approach to information security.
Building tough defenses in one area is useless if there are weaknesses elsewhere. Similarly, poorly configured or out-of-date security solutions might as well not exist.
We have worked with clients who have suffered security breaches because a single
firewall was poorly configured and allowed administrative access to a server. A
network can be undermined by the electronic equivalent of a pinhole or hairline
fracture. Therefore, network defenses need to be solidly built and well
maintained.