Cybersecurity symposium outlines business security landscape

March 1st, 2017, Published in Articles: EngineerIT

 

Network security specialists 10Dot hosted a cybersecurity symposium titled “#HackProof” in February 2017 in Johannesburg, which provided an overview of the business cybersecurity landscape.

Discussions indicated that naivety remains a problem in the security space, compounded by a lack of system visibility that often means companies learn of security breaches more than 200 days after they occurred. Malware attacks remain on the rise due to their profitability, with ransomware being the most popular type of attack. Cyber-attacks are also changing: they are becoming more random, rather than being predominantly targeted at large corporates as before.

Speakers at the cybersecurity symposium: Christoff Breytenbach, Ronnie Apteker, Gavin McDougall, Donovan Strapp, Jared van Ast and Jakes Wolfaardt.

The main vulnerabilities include weak identity management (i.e. access and passwords), missing security updates, a lack of security configuration, and coding errors in custom-developed applications – all of which are exploited by malware and hackers.

The result of breaches can vary from financial loss and downtime to reputational damage, while privacy breaches could even constitute legal and regulatory infringements that could involve further legal action.

There are, however, means to limit and mitigate risks. Vulnerability management should start with identifying and prioritising potential threats to focus resources in the right place. The next step would be to assign responsibility and notify the relevant stakeholders of their roles. Remediation in the form of security patches and updates is just as important, and tracking and monitoring to make sure changes have been executed even more so.

Security should be built into processes and automated, acknowledging that security management doesn’t exist in isolation. People remain the weakest point in security, which is why a bottom-up approach with buy-in from all stakeholders and a shared understanding of risk is vital. Organisations would also benefit from determining up front a course of action in the case of a security breach.