Cybersecurity comment: A holistic approach to threat vulnerability

Issue 5 2020 Information Security

Hi-Tech Security Solutions asked a few cybersecurity experts to tell us about the current threat landscape, including what individuals and companies can do to protect themselves.

This article features insights from Dane Walker, cloud infrastructure manager, LanDynamix.

Dane Walker

In assessing the threat vulnerability of an organisation, it is necessary to look at the full spectrum of the issue and ensure all points are adequately covered.


Dane Walker.

Edge protection

Protecting the network edge has become more important than ever. As networks expand, so do potential attack points, because of the increasing number of endpoints organisation rely on, including but not limited to desktops, laptops, mobile and IoT devices.

At an absolute minimum, a well configured next generation firewall (NGFW) needs to be put in place that makes use of web filtering, application control and intrusion prevention to aid in the protection of the network edge.

Larger organisations may need to look at specific appliances such as web application firewalls and application delivery controllers for additional layers of security – the one caveat is that this approach can be quite costly.

Is your data safe because it’s in the cloud?

Replication does not constitute backup. Your data is not safe just because it’s in the cloud. Most cloud offerings provide neither a backup nor data security option out of the box. The number one defence against malware is backup. If there is no option other than wiping your system and starting again, you need to ensure that adequate backup is in place.

Your work/personal machine could be hit by malware, but you’re working on data stored in OneDrive, Dropbox, Google Drive, etc. The malware can easily find its way to any of these storage facilities and infect other files. Cloud backups (as opposed to simple replication) are thus no longer optional but rather an essential.

Other solutions include:

• Next generation firewalls – providing intrusion prevention, botnet and command and control (C&C) protection. Ideally, malware should be dropped at the edge. Configuration of the firewalls and password security is therefore of the utmost importance. One example would be having remote desktop protocol (RDP) open from the Internet – this is still one of the most common threat vectors. Even with IPS enabled, weak passwords can be guessed, or brute forced in no time at all without the IPS picking it up. Ideally in this case, RDP should only be accessible via more secure methods.

• Password security - weak passwords are a hacker’s dream. Password complexity and change requirements should be enabled wherever possible. This is a cost-effective starting point for any organisation.

• Antivirus – a reputable and, ideally, a managed solution is an absolute must for endpoint devices. Network security is almost defunct when most users head home after work, or now during the COVID-19 lockdown, during work. You must ensure threats are negated before the user enters your network.

• Network segmentation – often thought to be within the budget realms of larger organisations only, there are solutions available for smaller companies. Especially in the age of BYOD, you want to ensure that you keep personal devices off the corporate network.

The insider threat: Focus on a zero-trust network model

This has become more complex to mitigate. Access control lists, both from a network and user perspective, as well as physical security of data storage, have in the past been used to prevent a breach. The trouble nowadays is that data needs to be easily accessible, and with that comes added risk.

The following tools can be used to help prevent the threat from within:

• Multi Factor Authentication (MFA) – an effective and relatively inexpensive way to limit access to data. Users are required to verify identity through an authentication code before company resources can be accessed. This can be deployed via SMS or – better still – a more efficient authenticator app.

• Switches – this technology has been around for some time. If the right hardware is in place, one could look at deploying technologies such as 802.1x where every device on the network needs to be authenticated before it can gain access to network resources.

• Data Leak Prevention (DLP) – this is something that most well-known firewall brands should have enabled. Depending on the technology being used, DLP allows you to prevent sensitive information – bank account details; ID numbers, etc. – from leaving your network.

Server and data centre security

This area has a few similarities to edge protection in that servers and data centres are still sitting on their own network edge. Depending on requirements, a capable NGFW should be one of the first things to look at deploying. Dedicated security appliances for web and application security can be an asset. Servers and data centre resources are generally more exposed to threats as this is where most of an organisation’s crucial data or applications sit.

• Backup – as mentioned under malware threats, this is of the utmost importance.

• Antivirus (AV) might seem like an obvious thing to consider, but there are several things that organisations can overlook. You need to consider if the AV solution you are using is designed to be run on server infrastructure. Servers are far more complex by design than a normal PC and often run applications and systems that need AV solutions that can work with these.

• From a data centre perspective, central management of the AV is another key factor.

Protecting communications

Several of the above-mentioned solutions will greatly aid in this regard, however, if we refer to what most people perceive as communications (voice and mail) there are a few tools that can additionally be considered.

• Mail security – at the very least a solution that can detect and mitigate spam, viruses and phishing attempts should be implemented. Some products also offer archiving services which can be useful in a case of data loss, whether accidental or malicious.

• Voice security – with more and more organisations moving over to VoIP services, risk concomitantly increases with it. The following questions need to be answered:

◦ Handsets – are the devices running firmware with known vulnerabilities?

◦ Network security – is there a firewall in place that can provide an adequate level of voice security, especially when running on broadband links without causing issues with voice quality and reliability?

◦ CloudPBX – does the provider run an up to date platform that has solid security and network infrastructure to support it?

Last and most certainly not least: phishing protection

One of the best defences against phishing attacks is education. Threat actors are finding ways to bypass mail and other security systems by composing authentic looking emails and directing users to authentic looking, as well as genuinely authentic websites. These sites would then ask for sensitive information which is promptly sent to the attacker. Three simple tips will help in stopping phishing attacks from being successful:

1. If something looks too good to be true, it probably is. Do some research and ask around if you’re not sure.

2. If you’re not expecting a PO or payment instructions from someone, report the mail to IT immediately.

3. If your CFO or other high-ranking exec has asked you to expedite a payment, report to IT immediately so they can confirm that the email address that the mail originated from is actually from the true source and not bogus. 




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.