The need for full control of your organisation's security protection is increasing. Adequate alert automation and blocking strategies must be in place to avoid cyber attacks, hacktivism or even espionage as more and more remote users are using many apps on their organisation's network.
It was revealed in a recent ITWeb - Infoblox Network Security survey that just over a third of respondents indicated their IT department manages between 1-10 apps, while a very small percentage (5%) stated that over a 1 000 apps are currently being managed.
Conducted online during May, this survey set out to determine how organisations are addressing their very different needs when it comes to network security requirements.
"We are now seeing a trend in the network security industry where customers are consolidating the number of applications that are being allowed onto their network," says Rene Bosman, Manager - Infoblox Africa.
Remote workforce ever-increasing
The results were pretty much evenly split when the respondents were asked what percentage of their users are currently working remotely with 35% are stating less than 10%, a third citing between 10-20%.
"These results are no surprise to us, although many organisations and customers would like their employees to work remotely, often the organisation is not equipped for this and doesn't have the right HR policies in place," Bosman says.
Bosman believes that South African organisations are behind compared to the rest of the world.
"However, having said that, one of the obstacles for working remotely is unfortunately the high cost of broadband and unreliable broadband. This also stops users from working remotely."
Just over half (51%) of the respondents indicated that a medium amount of their organisation's daily engagement with customers is done via digital channels. A third or respondents cited it is done almost completely, therefore the survey shows that digitalisation is a huge part of any organisation, therefore prioritising their network security strategies.
New device risk
A combined percentage of 59% of respondents cited that their organisation does have automated tools that alert them of new devices going on to their network.
"The impact of not having automated tools and alert systems in place is that unidentified, rogue and infected devices come into the network. Possibly infected with malware or botnets and starting to spread out inside the company's networks. This could have disastrous impacts and because it happens from the 'inside out'.
Bosman warns that traditional security solutions like firewalls will not identify and pick up possible new device risks.
Priority alerts required
Surprisingly still 51% of organisations are prioritising security alerts manually. In this cyber attack time just how important is it to prioritise security alerts?
"More and more organisations are implementing a SIEM, (Security Information and Event Management system). This will support in the driving down the time to mitigate a security threat and risk, or in modern words, reduce the time to 'kill the chain', says Bosman.
Most security solutions work with "threat intelligence", data that will keep their systems protected against new and evolving threats, he continues.
"This is not a 100% guarantee and it's important to select that threat intelligence feed that generates the lowest amount of false positives and also protects against new zero-day attacks."
DNS down means business is down
Forty-eight percent of respondents indicated that they can extremely quickly stop cyber attacks so that no further damage is done, while 19% stated their reaction time is somewhat slow.
"Over the past 20+ years, most organisations have implemented several layers of security systems, starting from endpoint security to next generation firewalls today. Today, the number one attack vector is DNS and unfortunately traditional DNS systems are easy to exploit."
Elaborating on this Bosman says that over the past two years, there has been a dramatic increase in DNS-based attacks.
"These DNS-based attacks are not only to disrupt an organisation's business, but also to use DNS to ex-filtrate company sensitive data. Without having a secure DNS in place, more and more organisations will be at risk by these relatively new type of threats.
Bosman concludes: "Shutting down DNS means organisations are no longer able to communicate, both inside and to the outside world and with more applications in the cloud we rely on the DNS system. Therefore every organisation must start thinking of implementing secure DNS solutions and with that identify and mitigate the threats."
Share