Evolving threats are putting businesses at risk

April 2015 IT infrastructure

For a country like South Africa that is visibly paranoid about security, the country’s information security landscape is seriously lagging in terms of awareness and practical, relevant application. Today’s chief information officer (CIO) needs to keep tabs not only on external security threats, but on internal threats as well, because the potential for disaster is inherent in both.

External threats have long been a focus for CIOs, and while progress has been made in ensuring that organisations are protected, these threats continue to evolve. Internal threats, however, have not been receiving the attention they deserve. Such threats can be the result of employees acting with or without malicious intent; but regardless of the intentions, they still have an impact.

Lise Hagen, IDC’s research manager for software and IT services in Africa, believes the problem is that many organisations overlook the internal threats, leaving them vulnerable and often surprised when the inevitable happens.

Internal threats are real

“Internal threats are usually not malicious and can be as simple as an employee losing a flash drive or having a laptop stolen from the boot of their car,” says Hagen. “However, disgruntled employees can have a devastating impact on the organisations they work for, and this is where CIOs need an operational benchmark. In this regard, data analytics can play a key role in identifying abnormal behaviour, such as a sudden increase in downloads. Such analytics can be automated and need not be expensive, but their implementation requires some proactive thinking.”

Generally speaking, the most likely perpetrators of malicious insider attacks are systems administrators and other IT staff with privileged systems access. “Technically proficient employees can use their access levels to open back doors into company computer systems or just engage in sabotage and thereby wreak havoc,” adds Hagen. “Data loss is one of the biggest areas of impact when it comes to internal attacks, but they can also result in a loss of customer and shareholder confidence and cause damage to the organisation’s reputation, market share, and brand.”

The key to protecting the organisation from internal security threats is to establish clear, written security policies that cover physical security as well as data and network security. “Get buy-in from the bottom up, but lead from the top down,” advises Hagen. “Make it clear why these policies are important and establish good physical security too. Make it part of the organisational culture by integrating it into the hiring, onboarding, and orientation process, as well as into annual reviews.”

External threats are evolving

If this wasn’t enough cause for concern, Hagen also explains that external attacks are becoming much more targeted: “Attackers are using more advanced and more determined phishing methods, identifying high-value account holders and then employing spear-phishing techniques to ensure that their attacks are successful. Social media plays an enormous role in this regard; once the attacker has developed a list of relevant employees, they will use social media pages to gather detailed intelligence that can be used to craft a targeted attack on the pre-identified individuals. This, of course, relates directly to the amount of information we share about our personal and professional lives on public forums such as Facebook, Twitter, LinkedIn, and Instagram.”

With emerging technologies like virtualisation, cloud computing, and social media becoming the new norm, organisations must secure the assets that they don’t own, control, or manage and that aren’t tucked away behind their firewalls. “This will require a frequent resetting or rebasing of the organisation’s security posture, with ongoing evaluations taking place as new infrastructure emerges and a clear focus on selecting security technologies and strategies that are designed to deal with these new realities,” says Hagen.

To this end, CIOs will need to look at ensuring the early detection and mitigation of targeted, unknown attacks through granular logging and policy enforcement of internal and external regulations. “When sourcing solutions, CIOs should interrogate IT services providers on how their offerings align with the demands of next-generation technologies,” advises Hagen. “And, given the high value placed on security, any new product, solution, or service will have to be underpinned by resilient and advanced security features.”

Security 101

Featuring prominently among the focus areas of the IDC South Africa CIO Summit in March will be the issues that CIOs must consider when developing a coherent security strategy. The first thing that must be appreciated is the fact that security is not a product, but rather a frame of mind. And given this reality, IDC encourages CIOs to take the following steps when reviewing and revising their strategies:

* Create and revise the risk portfolio

* Consider a metric-based approach

* Plan, update, and enforce security policies

* Implement ongoing user awareness and education programmes

* Spend smarter, not more

* Align existing internal governance, risk, and assurance strategies. It is important to note that this does not just sit within the domain of the CIO, but also intersects with the legal and compliance teams, and even finance.

Implementing a solid security strategy is no longer a one-off project; it has become a long-term commitment that requires ongoing evaluation as areas for optimisation are highlighted during the course of the process. “Security needs a holistic approach comprising all components, including employees, suppliers, physical, software, hardware, network, and data,” concludes Hagen. “It is therefore not only helpful, but critical to properly align these internally and benchmark security strategies against industry peers to ensure that all the relevant bases are covered.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber resilience is more than cybersecurity
Technews Publishing Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

Infinidat a leader in ransomware protection
IT infrastructure Products
InfiniSafe brings together the key foundational requirements essential for delivering comprehensive cyber-recovery capabilities with immutable snapshots, logical air-gapped protection, a fenced forensic network, and near-instantaneous recovery of backups of any repository size.

What’s the difference between SASE, SD-WAN and SSE?
IT infrastructure
When it comes to the wide area network (WAN), the letter ‘S’ plays a pivotal role – from SASE to SD-WAN to SSE – but there can be some confusion with so many WAN ‘S’ acronyms.

Cold chain integrity in real time
Technews Publishing Editor's Choice Asset Management, EAS, RFID IT infrastructure Transport (Industry) Logistics (Industry)
DeltaTrak offers real-time farm-to-fork IoT monitoring of the cold chain to ensure every step of the journey is recorded and verifiable via the cloud.

BCX and Alibaba Cloud confirm partnership
News IT infrastructure
BCX and Alibaba Cloud have formed a partnership to bring cloud technologies to businesses in South Africa to drive local digitalisation.

IoV – the cutting edge of vehicle automation
Integrated Solutions IT infrastructure Transport (Industry) Logistics (Industry)
Today’s cars have become bona fide connected machines and not merely an extension of our mobile devices such as smartphones.

Advanced technologies to curb corruption
News Cyber Security IT infrastructure
The use of advanced technology to curb fraud, corruption and cyber-related crimes received a massive boost as the Council for Scientific and Industrial Research (CSIR) and Special Investigation Unit (SIU) agreed to work together.

DMaaS is the solution to hybrid cloud complexity woes
IT infrastructure
After an initial scramble to move everything to the cloud, companies are increasingly moving to a hybrid cloud environment, with a mix of private and public cloud infrastructure and services, coupled with on-premises storage.

The current and future state of smart OT security
Technews Publishing Industrial (Industry) Cyber Security IT infrastructure
Nearly 60% of survey respondents also revealed that their organisation suffered at least one OT breach during the past 12 months, with 10% experiencing four or more.