The majority of major data breaches that have flooded the headlines in the past few years have been mostly carried out by outsiders, and have cost businesses millions of rands. These threats have seen businesses ramping up their security controls, with the implementation of traditional security tools.
However, threats that come from the inside are far harder to prevent, and incredibly difficult to detect using today's usual security measures. After all, these individuals have legitimate access to the company's information and valid credentials.
Web sites and employees are seen as a target of opportunity by cyber criminals, says Jayson Street, infosec ranger at Pwnie Express, who will be presenting on ‘An attacker's view of your Web site and employees, and how he/she uses them against you,' at the ITWeb Security Summit 2017, to be held at Vodacom World in Midrand, from 15 to 19 May.
"I personally think just walking in and compromising a corporation works well too. Attackers will mine social media and create fake Web sites to create opportunities for compromise."
Delegates attending Street's talk will walk away with actual easy to implement defences that they can incorporate into their existing infrastructure.