industry unlocked
The threat landscape and
mitigating risks attacks on Android platforms as a new
way of entering corporate networks.
Harish Chib, Vice President, Middle East
and Africa, talks us through the two major
attack vectors and has some advice for
energy sector businesses looking to
prevent attacks. The hard truth is that there are data
security breaches every single day,
globally. This is not just an issue for
organisations in the energy sector.
Malware and other threats that spread
across networks are equally fatal for all
the sectors.
The threat landscape continues to change
on a daily basis – volumes are predicted
to rise by every vendor and commentator
out there. This has affected all sectors
and the energy sector is no exception.
Whoever has valuable data is at risk.
Threats today have two major vectors for
attack – and they are often used together:
• User-focused malware
a. Social engineering is the primary
method used to trick users into
opening an email, clicking an
attachment or visiting a URL
b. Malware on removable media
such as USBs
• Vulnerability exploits
a.
c. Cybercriminals look for
weaknesses in software to send
threats into the network
b.
d. Unfortunately, vulnerabilities in
software are not going away and
companies still struggle to keep
up with patching
These attacks do however highlight the
growing concern over cybersecurity,
the impact of breaches and why
cybersecurity needs to be a top priority
for every organisation, whatever their
size and sector.
It is important to get the basics right.
Even the most well-resourced companies
are still falling victim to attacks that
use phishing and social engineering
techniques to dupe employees.
First, encrypt the data. Many IT
organisations have steered clear of
encryption thinking that it impacts
performance or that it’s simply too
complicated to effectively implement.
This is no longer the case.
Enterprises should be encrypting their
most critical data far more often than
they do. Ensure that any contractors,
outsourcers or third-party partners take
cybersecurity as seriously as you do.
After all, it’s your data that your
customers have entrusted you with and
it’s your responsibility to secure it.
Take a user-centric view to your
security. Too often, IT departments
focus on devices and fail to see the
connection between a user, their data
and all the devices (including mobile
devices) that they use on a daily basis.
The biggest cybersecurity threat facing
businesses right now is the deluge of
attacks and associated incident alert
data, regardless of the source of the
attack. Right now, we see ransomware
and phishing as two significant attack
vectors and we have seen an increase in
Companies need to re-think the
traditional approach of ‘layered
security’ and think more about
‘synchronised security’.
With the latest Deep Learning
technologies, new cybersecurity
solutions can now take action faster than
an IT Manager predicting issues and
stopping threats before they can enter
an organisation’s network.
Harish Chib, Vice President, Middle East
and Africa
46
Here are some things we’ve learned over
the years, working with thousands of
other organisations of every size:
Simplify. Complexity is the enemy of
security. Too often complicated tools
aren’t configured correctly, aren’t
communicating with other tools or
aren’t even deployed at all because
despite all their power they are simply
too complicated for mere mortals to
use effectively.
Train your users. They are often
the weakest link in a cybersecurity
strategy. Too often users wilfully hand
over their credentials and engage in
risky cyber behaviour that can put the
company at risk. u
Issue 18
|
www.intelligentciso.com