The corporate IT security landscape is changing – and rapidly. An overriding global trend dominating media headlines is the increase in cyber attacks – and their impact on businesses. In fact, over the last couple of years, many organisations across the globe have fallen victim to numerous targeted attacks – and South African businesses are not exempt.
According to the IT Security Risks Survey 2015, conducted by Kaspersky Lab and B2B International, 9% of organisations globally and 7% of companies in South Africa said they experienced a targeted attack in the last year.
Targeted attacks, which include advanced persistent threats (APTs), are some of the most dangerous risks facing enterprises today. The reality, however, is that many targeted attacks are neither advanced nor persistent, but mostly depend on research and publicly available information. For example, the Iranian government published a photo containing information which helped the Stuxnet developers to design the malware to attack the Natanz nuclear facility. Unfortunately, far too many companies make it easy for attackers to gather the information they need.
This, combined with the quality and complexity of today’s cyber threats, as well as the lack of security intelligence to deal with these threats, makes businesses vulnerable. As a result, a major change in perception and approach is needed from both businesses and security vendors, as technology alone won’t solve the problem.
Local companies, no matter their size, need to have a proactive security strategy in place rather than merely relying on “just installing” software. This strategy comprises threat prevention, detection, and response to the threat.
Threat prevention is, in my view, the better understood phase by most local businesses as it is mostly covered by technology – be it a firewall or security solution.
Detection of sophisticated and targeted attacks is, on the other hand, more complex. This phase requires a business to invest in advanced tools and expertise, but more importantly this step necessitates time to identify the indicators of attack, spot an incident, investigate it and mitigate the threat.
Once this has been completed, responding to the threat then becomes crucial. Finally, the prediction of future attacks, and understanding the attack surface, defines the long-term strategic defence capabilities of a company – and is becoming an essential part of an effective IT security strategy today. This is done through running penetration testing and other kinds of security assessments.
Within the business, a security officer has to pursue all four phases simultaneously, and each requires a unique set of skills. Mitigating future threats means regular security assessment, training employees on general security hygiene, and the analysis of current and future attack methods. Detection is all about identifying anomalies in a regular corporate workflow, covering web, e-mail and network traffic, and observing corporate user behaviour. Response is about localising the incident and closing the initial attack vector.
It can be highly challenging to develop this kind of expertise in-house, and it can also be expensive; often only larger enterprises can afford it. In these circumstances it seems much more reasonable to use an external service from a professional IT security consultant or global player.
Businesses have to understand that everyone can be hacked and data breaches can do massive damage to a company: decreasing its value, leading to losses and changing the brand perception. The role of the security vendor needs to change and add real value – providing and sharing their expertise to ensure a comprehensive approach is applied to fighting cyber threats. In doing so and in having the right intelligence and services, companies can be prepared to predict and detect attacks – and to respond to them effectively.