Evolving threats are putting businesses at risk

April 2015 Infrastructure

For a country like South Africa that is visibly paranoid about security, the country’s information security landscape is seriously lagging in terms of awareness and practical, relevant application. Today’s chief information officer (CIO) needs to keep tabs not only on external security threats, but on internal threats as well, because the potential for disaster is inherent in both.

External threats have long been a focus for CIOs, and while progress has been made in ensuring that organisations are protected, these threats continue to evolve. Internal threats, however, have not been receiving the attention they deserve. Such threats can be the result of employees acting with or without malicious intent; but regardless of the intentions, they still have an impact.

Lise Hagen, IDC’s research manager for software and IT services in Africa, believes the problem is that many organisations overlook the internal threats, leaving them vulnerable and often surprised when the inevitable happens.

Internal threats are real

“Internal threats are usually not malicious and can be as simple as an employee losing a flash drive or having a laptop stolen from the boot of their car,” says Hagen. “However, disgruntled employees can have a devastating impact on the organisations they work for, and this is where CIOs need an operational benchmark. In this regard, data analytics can play a key role in identifying abnormal behaviour, such as a sudden increase in downloads. Such analytics can be automated and need not be expensive, but their implementation requires some proactive thinking.”

Generally speaking, the most likely perpetrators of malicious insider attacks are systems administrators and other IT staff with privileged systems access. “Technically proficient employees can use their access levels to open back doors into company computer systems or just engage in sabotage and thereby wreak havoc,” adds Hagen. “Data loss is one of the biggest areas of impact when it comes to internal attacks, but they can also result in a loss of customer and shareholder confidence and cause damage to the organisation’s reputation, market share, and brand.”

The key to protecting the organisation from internal security threats is to establish clear, written security policies that cover physical security as well as data and network security. “Get buy-in from the bottom up, but lead from the top down,” advises Hagen. “Make it clear why these policies are important and establish good physical security too. Make it part of the organisational culture by integrating it into the hiring, onboarding, and orientation process, as well as into annual reviews.”

External threats are evolving

If this wasn’t enough cause for concern, Hagen also explains that external attacks are becoming much more targeted: “Attackers are using more advanced and more determined phishing methods, identifying high-value account holders and then employing spear-phishing techniques to ensure that their attacks are successful. Social media plays an enormous role in this regard; once the attacker has developed a list of relevant employees, they will use social media pages to gather detailed intelligence that can be used to craft a targeted attack on the pre-identified individuals. This, of course, relates directly to the amount of information we share about our personal and professional lives on public forums such as Facebook, Twitter, LinkedIn, and Instagram.”

With emerging technologies like virtualisation, cloud computing, and social media becoming the new norm, organisations must secure the assets that they don’t own, control, or manage and that aren’t tucked away behind their firewalls. “This will require a frequent resetting or rebasing of the organisation’s security posture, with ongoing evaluations taking place as new infrastructure emerges and a clear focus on selecting security technologies and strategies that are designed to deal with these new realities,” says Hagen.

To this end, CIOs will need to look at ensuring the early detection and mitigation of targeted, unknown attacks through granular logging and policy enforcement of internal and external regulations. “When sourcing solutions, CIOs should interrogate IT services providers on how their offerings align with the demands of next-generation technologies,” advises Hagen. “And, given the high value placed on security, any new product, solution, or service will have to be underpinned by resilient and advanced security features.”

Security 101

Featuring prominently among the focus areas of the IDC South Africa CIO Summit in March will be the issues that CIOs must consider when developing a coherent security strategy. The first thing that must be appreciated is the fact that security is not a product, but rather a frame of mind. And given this reality, IDC encourages CIOs to take the following steps when reviewing and revising their strategies:

* Create and revise the risk portfolio

* Consider a metric-based approach

* Plan, update, and enforce security policies

* Implement ongoing user awareness and education programmes

* Spend smarter, not more

* Align existing internal governance, risk, and assurance strategies. It is important to note that this does not just sit within the domain of the CIO, but also intersects with the legal and compliance teams, and even finance.

Implementing a solid security strategy is no longer a one-off project; it has become a long-term commitment that requires ongoing evaluation as areas for optimisation are highlighted during the course of the process. “Security needs a holistic approach comprising all components, including employees, suppliers, physical, software, hardware, network, and data,” concludes Hagen. “It is therefore not only helpful, but critical to properly align these internally and benchmark security strategies against industry peers to ensure that all the relevant bases are covered.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managing stock efficiently and cost-effectively
Asset Management Infrastructure Logistics (Industry)
Rina Redelinghuys, customer services executive at Cquential, a member of the Argility Technology Group, examines stock management across various industries, including retail, fast-moving consumer goods, food and dairy, automotive, apparel, industrial, accessories, paint and chemicals, and pharmaceuticals.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
The hidden cost of cheap networking gear
Duxbury Networking Infrastructure
When it comes to building a network, price is always a consideration, especially in the current economic climate, but there is a difference between smart spending and short-term savings with long-term losses.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Advanced surveillance storage from ASBIS
Infrastructure Surveillance Products & Solutions
From a video storage solutions perspective, SkyHawk drives, designed for DVRs and NVRs, offer high capacity, optimised firmware, and a reliability workload rating of hundreds of terabytes per year.

Read more...
Power surges are killing our networks
Duxbury Networking Infrastructure
With power surges and lightning strikes becoming an all-too-familiar threat to South African infrastructure, Duxbury Networking is calling on local installers and network integrators to follow proper grounding protocols.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.