Information security is becoming increasingly critical, especially as companies suffer from more and more nefarious attacks, including from viruses and DoS attacks. With big companies dealing with millions of items and applications on their network every month, literally every piece of information is vulnerable to attack from outside, said Maeson Maherry, general manager of NamITrust, part of the NamITech IT group.
NamITrust - which incorporates the South African Certification Authority (SACA), offers the products and solutions of VeriSign Inc, the world`s largest provider of Internet trust services.
"While security attacks are becoming nastier and more damaging there is still very little in the way of legal precedent or international law that allows governments to intercede on behalf of companies. It is still very much like the Wild West on the Internet and while the lawlessness is likely to be combated, it is going to take some time before concrete steps are taken, or are in place. In the meanwhile companies are going to have to take steps to protect themselves."
Maherry said that these days having good security systems in place is a very necessary thing - and creates a positive image for the company concerned, especially if the company is an organisation such as a bank or financial services provider. "If a bank wasn`t deemed to have secure systems in place, who would bank with it?" he asked.
If a company is duty bound to keep certain data safe on behalf of third parties then security is obviously extremely critical. A company could go out of business if security is breached and a client`s data stolen or compromised.
The first thing one must do, said Maherry, is conduct risk analysis. Find out what the parameters are and what level of security you need. "If you need really high levels of security then high-tech solutions such as cryptography may be needed. But don`t just buy security solutions for the sake of it. Invest in what you need. Sometimes bells and whistles can just complicate things for a company - especially if they are not really required."
Maherry said that while hackers remain a huge threat, companies are often vulnerable from the inside. Staff, especially a disgruntled staff member, can also gain access to information they should not, and steal it, or pass it on to a third-party.
"Once a system is in place - no matter what it is - this does not mean that you can sit back and relax. Technology changes all the time. The type of attacks and their methodology change too. Hackers find new holes and come up with new products to penetrate networks. It is therefore crucial to test your security system on a regular basis to check if it is still safe. "In fact, while it may sound strange, the best way to check the safety of your security system is to employ a company specialising in security solutions to try and break in. These days leading security solutions providers are employing security specialists and advanced security tools to do just that. However, the bottom line is as always: top management must own and drive a security strategy in the business or the company will remain at risk."
Share