The hacker community is no longer focused on stealing network time or crashing networks, they are after information.
This is according to Allen Baranov, security analyst for South African Breweries, who sits on the SABMiller International ISO Forum.
On the second day of the upcoming ITWeb Security Summit, he will discuss issues surrounding information security as well as Web 2.0, data loss prevention (DLP), de-perimeterisation, consumerisation and cloud computing.
Baranov claims the traditional model of information security, which is more focused on network security, like firewalls, and host security, including patching, is no longer sufficient.
“New technologies such as Web 2.0 and new threats such as malware that work around network protection are appearing all the time. We need to protect the information itself as well as the network, servers, and so forth,” he says.Baranov adds: “At the moment most companies take a Web 1.0 view and have either ignored the problem of information leaking out through Web 2.0 or, alternatively, have blocked Web 2.0 sites in their entirety. Some companies have embraced Web 2.0 technology with strict policies and information-centric technologies such as DLP.”
Information security technology is by no means new and according to Baranov, it is still incomplete, expensive and not widely deployed.Still, he adds, it is better than nothing. “From a personnel side, information security experts are usually sourced from two groups – auditors or network security technicians. These groups traditionally consist of people who are more comfortable working with technology or working with documentation. Neither quality is truly effective for information-centric security. They need to be able to interface with business at all levels to see what information is important and where it should be moving.”
When asked why a company needs to drive awareness around information security, Baranov points out: “All companies use information to keep going and to make business decisions that can bring growth. We are entering a new era where criminals are stealing information and real financial losses are being experienced by companies that don't take information security seriously. The problem of information theft is not going to go away and companies need to know how to deal with it.”
Our comments policy does not allow anonymous postings. Read the policy here