Despite significant investments into network security solutions, organisations still find themselves vulnerable because they overlook critical flaws. Nicolai Solling, Chief Technology Officer at Help AG, says that governments will find that simple and cost-effective measures can go a long way.
The rise of network security related incidents has in recent years brought the subject into the forefront of IT discussions. Simply put, government entities which can operate flexibly in a secure way are now better primed to succeed than those which choose to operate without robust security.
Many of the security issues seen in government entities around the region are not due to sophisticated hackers targeting the specific organisation, but simply to security solutions not being tuned to de-risk and remove threats from the actual environment they protect.
These days, cyber security robustness does not necessarily come from advanced and sophisticated solutions but rather from taking a renewed look at which risks you have and how you can address them. What organisations and governments will find is that simple and cost-effective measures can go a long way. While we shouldn’t discredit advanced solutions (they are also required), it is frustrating to see unsophisticated attacks go through where they could have been prevented.
There is no doubt that over the last five years, IT teams in the Middle East and Africa (MEA) have understood that traditional security simply cannot protect against the complex malware types we are seeing today. In fact, many organisations understand that a product or a solution will not protect you, but it is what you do with that product that makes the difference. Because of this, they are spending a lot of money on technology around cyber security and we also see great levels of investment and focus on governance, risk and compliance.
This is evident from the increase in the number of businesses successfully securing accreditations, such as ISO 27001:2013, and the active role governments in the region are taking to introduce regional security standards. Good examples are the work performed by SAMA, NESA and DESC, whose guidance on what is considered mandatory information security helps us raise the bar for cyber security robustness in the region.
Despite these positive developments, however, critical flaws do remain in frameworks and policies, and they place even organisations that have invested in network security solutions squarely in the sights of attackers. Among these are:
- Users have too many rights. They can install applications outside a governance or validation process, and unfortunately these applications can introduce malware.
- Systems are not kept up to date and patched, meaning that malware utilising exploits that have already been addressed by the vendors can still succeed in infecting them.
- Organisations allow risky file types and rely on single point products in their critical dataflows such as mail, USBs and web browsing. Should anyone really be allowed to receive a file which is compressed at multiple layers and includes a full executable? Macro-enabled Office documents are the biggest carriers of malware. Why then do we still allow such documents to come into the organisation without stripping the potentially malicious content?
- Some IT teams are simply too caught up operating their infrastructure and systems to stop for a minute and understand their risks. So, while they invest in expensive boxes, they may not make the necessary effort to ensure those systems actually address the issues.
- Finally, the most dominant issue is that organisations very often fail to listen to the events that their systems are generating. An alert from a firewall, a log from a web proxy, behaviour in a DNS request or file activity on a client machine can all be early indicators of an attack. Even when event management is happening, it is very often only done during working hours, whereas attackers work around the clock. Therefore, your security operations should do the same! If you cannot do that due to resource constraints, then it is time to get some help. I think only a handful of organisations in the region can secure the correct budget and competence to operate their security events, and therefore leveraging managed security services is extremely appealing.
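As an added example that is not part of the article, the third point above (executables hidden under several layers of compression, macro-enabled Office documents) expressed as a mail-gateway attachment check. The extension lists and depth limit are illustrative assumptions, and the sample archives are constructed in memory so the check runs offline.

```python
import io
import os
import zipfile

# Illustrative policy (assumption, not the article's): extensions the gateway treats
# as archives, directly executable content, and macro-enabled Office documents.
ARCHIVE_EXT = {".zip"}
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".js", ".vbs", ".ps1"}
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm", ".xlam"}
MAX_ARCHIVE_DEPTH = 2  # layers of compression tolerated before the file is refused


def assess_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return policy findings for one attachment, walking zip archives in memory
    so that an executable wrapped in a zip inside a zip is still seen."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    if ext in MACRO_EXT:
        findings.append(f"macro-enabled document: {name}")
    if ext in EXECUTABLE_EXT:
        findings.append(f"executable at archive depth {depth}: {name}")
    if ext in ARCHIVE_EXT:
        if depth + 1 > MAX_ARCHIVE_DEPTH:
            # Refuse rather than keep unpacking: bounds the work a hostile archive can cause
            findings.append(f"archive nested deeper than {MAX_ARCHIVE_DEPTH}: {name}")
            return findings
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.infolist():
                    if not member.is_dir():
                        findings += assess_attachment(member.filename, zf.read(member), depth + 1)
        except zipfile.BadZipFile:
            findings.append(f"corrupt or disguised archive: {name}")
    return findings


def _make_zip(entries: dict) -> bytes:
    """Build a zip in memory (used only to construct sample input for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in entries.items():
            zf.writestr(fname, content)
    return buf.getvalue()


# Constructed samples: an executable two layers of compression deep, and a clean report.
NESTED_SAMPLE = _make_zip({"inner.zip": _make_zip({"invoice.exe": b"MZ..."})})
CLEAN_SAMPLE = _make_zip({"report.pdf": b"%PDF-1.4"})
```

Any non-empty finding is the signal to strip or quarantine the attachment rather than deliver it unchanged.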
The ingenuity of the modern cybercriminal means that not every security risk can be fixed by tending to these glaring concerns, but these have proved to be the reasons behind the most common attacks we have witnessed in the region. Worse still, it is often unsophisticated attacks that result in data breaches, simply because basic precautions haven’t been taken.
Other Factors Impacting Network Security
Besides the glaringly obvious, though often overlooked, network security shortcomings that organisations fall victim to, there are several threats brought on by new technologies and usage behaviours. Among these are the vulnerabilities introduced by endpoint devices. There are many integration points between endpoints and other security elements of the infrastructure. In fact, what we are seeing right now is a race for the endpoint, as this is the place where IT teams will be able to understand what is happening: traffic is in clear text in memory, and a lot of the inherent issues in performing prevention on the network layer are not present.
The integration between the endpoint and the network security devices is the secret sauce, as no system can stand on its own. Understanding how open a platform is, and how you can integrate forensics, reporting and automated response, is how you create a real security ecosystem.
Another concern is that even today, we have security vendors who think that they can provide the whole security ecosystem and therefore create proprietary integration points in their solutions. With the complexity of attacks that we now see, open interfaces and the seamless integration of products are essential, as tackling new threats calls for best-in-class point products that work together.
Finally, to truly secure their networks, IT teams must grow beyond their reliance on solutions alone. The advancement of cyber threats means that to stay protected, you need to develop and maintain a holistic security program wherein technology, products, systems, procedures, processes, policies and people are all considered. Such programs can be extremely challenging for many organisations, and they should ask themselves whether outsourcing parts of these programs to a trusted IT security partner could be the correct solution.
In the end, every organisation needs to understand that the economy of cybercrime is such that if you make it difficult for the hackers, they will most likely go somewhere else.