Subscribe
  • Home
  • /
  • Malware
  • /
  • Cyber criminals focus 80% of their efforts on the 20% of IT environment neglected by companies

Cyber criminals focus 80% of their efforts on the 20% of IT environment neglected by companies

Issued by PR Talks for Securicom
Johannesburg, 22 Aug 2016

Consciously or unconsciously, companies are still using the Pareto Principle to secure their organisation's IT infrastructure, focusing their efforts and budget on the security gaps affecting 80% of the organisation and leaving the remaining 20% of the organisation vulnerable to attack. This 20% is often found in legacy systems too complicated or costly to secure or to upgrade, so they are ignored.

Sometimes it is 20% of the staff, typically the executives who prefer comfort to security and open themselves to things like whaling attacks. On the flip side, hackers also apply the 80/20 rule, fine tuning their efforts to specifically target that 20% that companies fail to secure to produce 80% of their results.

"Simply put, that 20% that companies fail to secure is where hackers place 80% of their efforts. They do their homework. They know where companies are vulnerable and that is what they focus on," says Willie Stebbing, an IT expert at IT security services vendor, Securicom.

The company's Richard Broeke agrees, saying that with intensifying focus on newer threats, companies are no longer paying attention to the basics - like antivirus and anti spyware on endpoints.

"IT departments are focused on other newer and more 'important' threats, like those which impact the network. With 80% of threat mitigation efforts focused elsewhere, the endpoint a security blind spot and all the 'old' risks, which may only account for 20% of risks, are being neglected."

Stebbing says that minding the "Pareto Principle gap" requires regular assessment of all systems to identify vulnerabilities.

"Vulnerability assessments are an eye opener. Specialised vulnerability assessments test for gaps and vulnerabilities in the environment. It's like looking at the IT architecture through the eyes of a hacker to see where gaps and loopholes could be used to compromise it. Only once you know where the weaknesses are can you begin to close the 'holes'. Companies are often surprised to find out where they have 'holes'; their own employees for instance. We also find that companies with premium firewall protection in place are at risk because the firewalls are not configured correctly. They only discover the shortfall after an audit," says Stebbing.

He concludes: "It is extremely important that all software in your IT environment gets assessed and updated on a regular basis. Install software patches promptly, monitor networks for suspicious activity, and monitor and quarantine devices that show unusual behaviour."

Share

Securicom

Securicom is a leading managed IT services vendor in Africa, with global presence. It is one of a handful of local vendors to offer an end-to-end range of fully managed IT security services for the cloud, from the cloud. Its consumption-based services are available through a select partner network in Africa.

Securicom's holistic suite of solutions provides comprehensive weaponry and proactive defence against the host of threats that afflict businesses today from endpoint protection, managed firewalls, and advanced Fortigate reporting, to WAN and LAN optimisation; e-mail content management, and mobile device management.

Solutions are packaged to harness the capabilities of best-of-breed technologies including Symantec Brightmail, Riverbed, Fortinet, logMojo, and XenMobile. Solutions are hosted upstream at Securicom's highly-secure, local data centres.

Securicom has offices in Johannesburg, Cape Town and Namibia; and offers its services in 10 other African countries. For more information on Securicom, please visit www.securicom.co.za

Editorial contacts

Mandy Prowse
PR Talks
(+61) 41 392 1374
mandy@prtalks.co.za
Kerry Webb
Securicom
(082) 496 0713