Surviving cybersecurity challenges

May 2018 Editor's Choice, Information Security

The business landscape is being reshaped by the process of digital transformation, which affects every sector, industry and organisations of all sizes. While this process is enabling companies to strategically employ technology to capitalise on new business opportunities, become more efficient, and empower their staff to be more productive, it is also creating new threats to businesses in the form of cybersecurity risks.

According to the Allianz Risk Barometer Report 2017, which identifies the most prominent threats for businesses, 38% of respondents listed cyber incidents as a top threat for South African businesses. This is not surprising, since South Africa has the third highest number of cybercrime victims worldwide according to the report. Moreover, the country is experiencing more cyber-attacks compared to its counterparts on the African continent.

Another risk factor for businesses is the potential chaos that so-called ‘cyber hurricane’ events could unleash. During this type of attack, which is predicted to increase in frequency this year, hackers disrupt larger numbers of companies through targeting of their common infrastructure dependencies.

Companies with strong, hardened network paired with policies, processes, and people all proactively monitoring and responding to cyber threats and aligned with your organisation’s stated cybersecurity goals, will be in great shape to avoid these cyber perils.

Businesses that don’t have this in place need to consider taking the proper measures to avoid undergoing a cybersecurity crisis, as a network with poorly implemented security is very attractive to hackers and in many cases will lead to an accelerated spreading of viruses, malware and other cyber threats.

The Axis Communications approach

To assist with this, Axis Communications recommends a novel approach to cybersecurity. It involves organisations placing independent firewalls around small clusters of servers or userless computers in addition to the firewall around their entire network. In this way, if someone breaks into one cluster of servers, they will not be able to move laterally to access the entire network.

Additional steps may help you counter cybersecurity threats. The first of these is assessing security and evaluating the trustworthiness of users and devices is also important. As cybersecurity is becoming more dynamic, businesses are increasingly assessing security based on circumstantial factors. Depending on where you are, for example, your computer can be considered more or less at risk.

Trustworthiness varies with time and depends on what we know about the device and the user. For example, if the device does not have the latest patches, its trust decreases. If the user exhibits strange behaviour, such as logging in from London and then from Melbourne within a physically impossible timespan, their trust drops. If the trustworthiness of your devices declines, you will have access to fewer resources. Trust can be lost quickly and is often regained slowly.

To aid in this risk assessment process, resources are ranked in relation to the level of trust they require for someone to access them. In some cases, proprietary or sensitive resources require greater trust while, in other cases, how integrated these resources are with the entire network may require more trust. Furthermore, untrustworthy devices are now being isolated with micro-firewalls. Untrustworthy devices include those that were made by countries whose government are considered to be geo-strategic rivals of liberal democracies.

The next step is to establish networks of trust. Security is all about building a network of trust. When it comes to putting devices on your network, each organisation must ask serious questions about whether or not the manufacturer and the business installing the device are trustworthy.

A good analogy to illustrate this is boarding an aeroplane. When security asks if you packed your bag yourself, the best answer is: “Yes, I packed my bag myself.” A not-so-good answer is: “Actually, it was my spouse who packed my bag.” In this case, the rest of us have to hope that your spouse loves you. But the really bad answer is: “No, my neighbour who is on the federal watch list packed my bag.”

It’s the same thing when someone wants to put a device on your network. You should ask: “Did you write the software yourself?” Generally speaking, the answer is: “No.” Then, you ask whether you know the person or people who wrote the software for this device. And, if the answer is “yes,” and it was written by a military/government agency of a geo-strategic rival of your government, then you should think twice about putting the device on your network.

Security is everyone’s responsibility. The goal of a company should be to not only implement security strategies for themselves, but to be cognisant of the “bono pastore” (meaning good shepherd) principle: We must protect the network.

For more information contact Axis Communications, +27 (0)11 548 6780, [email protected], www.axis.com



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Identity is a cyber issue
Access Control & Identity Management Information Security
Identity and access management telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations.

Read more...
Federated identity orchestration
Technews Publishing SMART Security Solutions Editor's Choice Access Control & Identity Management Security Services & Risk Management AI & Data Analytics
Understanding exactly who resides at the end of a digital device is key, and simple identity number verification by the Department of Home Affairs is no longer a viable solution on its own.

Read more...
Identity and authentication
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security Security Services & Risk Management
Identity authentication is a crucial aspect of both physical security and cybersecurity. SMART Security Solutions obtained insights into the topic and the latest developments from three companies.

Read more...
Here’s to a SMART 2025
SMART Security Solutions Editor's Choice News & Events
This is the final news brief from SMART Security Solutions for 2024, and the teams would like to take this opportunity to thank our readers, advertisers and partners and wish everyone a safe and secure festive season.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
Axis introduces ACS Edge and cloud storage
Axis Communications SA Surveillance Infrastructure Products & Solutions
Axis Communications has launched two new solutions within the AXIS Camera Station ecosystem, AXIS Camera Station Edge (ACS Edge) and AXIS Camera Station Cloud Storage (ACS Cloud Storage).

Read more...
Axis announces ARTPEC-9 SoC
Axis Communications SA Surveillance News & Events
Axis Communications has announced the 9th generation of its system-on-chip (SoC). ARTPEC-9 builds on and refines the capabilities and features of previous generations of the company’s in-house designed SoC, including exceptionally low bitrate, AI-powered analytics, quality imaging, and enhanced cybersecurity.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
AI-powered automation for an operational efficiency edge
Editor's Choice AI & Data Analytics IoT & Automation
In the fast-moving world of digital transformation, businesses are under immense pressure to accelerate their operations and adapt quickly to stay competitive in an era dominated by AI and technological advancements.

Read more...