The rise of network security related incidents in recent years has brought the subject to the forefront of IT discussions. Today, the ability to mitigate risks is even seen as a competitive edge, rating at the same level as cost. Simply put, the organizations which can operate their business flexibly in a secure way are now better primed to succeed than those which choose to operate without security.
There is no doubt that over the last five years, businesses have understood that traditional security simply cannot protect against the complex malware types we are seeing today. In fact, many organizations understand that a product or a solution alone will not protect you; what matters is what you do with that product. As a result, organizations in the Middle East are spending a lot of money on technology around cyber security, and we also see great levels of investment and focus on governance, risk and compliance. This is evident from the increase in the number of businesses successfully securing accreditations such as ISO27001:2013.
Despite these positive developments, however, there remain critical flaws in frameworks and policies, and this places even organizations that have invested in network security solutions square in the sights of attackers. Among these are:
- The users have too many rights! They can install applications outside a governance or validation process and unfortunately these applications can result in malware.
- Systems are not kept up to date and patched, meaning that malware utilizing exploits that have already been addressed by the vendors can still succeed in infecting systems.
- Organizations allow risky file types and rely on single point products in their critical data flows such as mail, USBs and web browsing. Should anyone really be allowed to receive a file which is compressed at multiple layers and includes a full executable?
- Some IT teams do not bother to identify the risks in their infrastructures and make sure they are fixed; they simply get caught up in operations. So while they invest in expensive boxes, they may not make the necessary effort to ensure the systems are actually addressing the issues.
The ingenuity of the modern cybercriminal means that not every security risk can be fixed by tending to these glaring concerns, but these have proved to be the reasons behind the most common attacks we have witnessed in the region. Worse still, it is often unsophisticated attacks that result in data breaches, simply because basic precautions haven’t been taken.
Other Factors Impacting Network Security
Besides the glaringly obvious, though often overlooked, network security shortcomings that organizations fall victim to, there are a number of threats brought on by new technologies and usage behaviors. Among these are the vulnerabilities introduced by endpoint devices. There are a number of integration points between endpoints and other security elements of the infrastructure. In fact, what we are seeing right now is a race for the endpoint, as this is the place where IT teams will be able to understand what is actually happening: traffic will be in clear text in memory, and many of the inherent issues in performing prevention at the network layer are not present.
The integration between the endpoint and the network security devices is actually the secret sauce, as no system can stand on its own. Understanding how open a platform is, and how you can integrate forensics, reporting and automated response, is how you create a real security ecosystem.
Another concern is that even today, we have security vendors that think they can provide the whole security ecosystem, and therefore create proprietary integration points in their solutions. With the complexity of attacks that we now see, open interfaces and the seamless integration of products are essential, as tackling new threats calls for best-in-class point products that work together.
Finally, to truly secure their networks, IT teams must grow beyond their reliance on solutions alone. The advancement of cyber threats means that to stay protected, you need to develop and maintain a holistic security program wherein technology, products, systems, procedures, processes, policies and people are all taken into account.
Such programs can be extremely challenging for many organizations, and they should therefore ask themselves whether outsourcing parts of these programs to a trusted IT security partner could be the correct solution.
In the end, every organization needs to understand that the economy of cybercrime is such that if you make it difficult for the hackers, they will most likely go somewhere else!
Nicolai Solling, CTO at Help AG