Modern threats require better risk management

Risk managers need to have meaningful data, to make informed decisions about processes and tools, says Simon Campbell-Young, CEO of Phoenix Distribution.

Johannesburg, 13 Feb 2014

With more and more breaches making the headlines, risk management and security professionals are bracing themselves to face not only increasingly sophisticated attacks, but also more rigorous scrutiny of their controls and measures. Although each company is different, with unique priorities and needs, there are several risk management measures that would benefit all types of organisation, says Simon Campbell-Young, CEO of Phoenix Distribution.

A good starting point, he says, is the risks that go hand-in-hand with third-party partners that are custodians of an organisation's data. "Businesses rely more and more on outside vendors and partners, driving the need for a solid third-party risk management strategy, to make sure that these risks are identified, measured and controlled. This is particularly relevant, as customers will want to know how third-party risk is managed."

The next step, Campbell-Young says, is to harness the business's data for better insight into the risk management process. "Data mined from security tools, the network and other infrastructure can be invaluable, and help a business to validate assumptions, and better understand what the risks are. Too many companies do not realise the value of the data that resides within their environment, and fail to analyse the data, and work the findings into the risk management plan."

He says this is particularly effective when dealing with today's advanced persistent threats (APTs) and targeted attacks. "These attacks are so carefully planned, often using multiple vectors to achieve their ends, which causes security and risk practitioners to constantly re-evaluate their mitigation methods and protocols."

These sorts of attack can cause significant damage, and have changed the security landscape, he adds. "Access control, DLP, IPS, firewalls, AV - are woefully inadequate. Successfully fighting APTs requires dynamic netflow analysis, and other tools that are analysing new threats on an hourly basis, and updating systems accordingly."

He adds that there needs to be a marriage of preventative measures and tools that can identify when a breach has occurred. "We know now that a breach is almost inevitable. Traditional tools for prevention are not a silver bullet; they are no longer protecting businesses. Breaches occur, and when they do, they need to be contained and the damage limited, and this needs to be factored into the risk management plan."

In this way, risk analysis and assessment is no longer done on an annual basis, but is an ongoing concern. "Risk managers need to have meaningful data, to make informed decisions about processes and tools. Companies need to find a way to build real-time data into the risk assessment process, and be able to react quickly, on the outcome of the assessments."

Finally, Campbell-Young says there is still the need for a better relationship between IT security and business processes. "A good start would be an open dialogue between risk managers and business executives. A good risk, security and compliance policy will require input from risk managers, business users, suppliers, and other stakeholders both within and outside the business. Risk management and performance management are inexorably linked."

Phoenix Distribution

Phoenix Distribution is currently the leading value-added distributor of software, accessories and peripherals across the African continent, covering software publishing, localisation and product distribution across multiple territories in multiple languages. The business is segmented into two divisions, namely corporate software licensing and consumer product distribution.

The business is segmented into two divisions, namely corporate software licensing and retail product distribution, and Phoenix Distribution dominates the consumer and SMB security sectors through key brands which include: Norton/Symantec, AVG, Kaspersky and Bitdefender. Additional brands within the consumer-focused range include Microsoft software and peripherals, Beats by Dr Dre, Trendnet Wireless products, Monster Cables and mobile accessories.

The corporate licensing division sells volume licensing into the enterprise and SMB reseller environments, as well as covering architecture and implementation. The ESD division delivers download content into all channels, including B2B and B2C.

The retail division delivers physical product into the retail environment, covering all mainstream ICT, CES, telco, lifestyle, fashion and sports outlets, as well as independents and online stores. This division delivers direct to outlets and/or customers across sub-Saharan Africa.

Phoenix Distribution is growing at 70% per annum, with additional acceleration coming from development within the greater African marketplace, as well as the acquisition of significant high-end product lines within the enterprise arena. In addition, the company's UK business, PX Security, is firmly entrenched within the UK retail and SMB reseller environments, shipping product through trusted distribution partners into mainstream retail outlets and direct engagement with B2B resellers. The UK operation publishes and distributes Bitdefender, Webroot and Avast.

Additional bespoke services offered to partners include Electronic Software Distribution within the B2B and B2C environments, category management, training and end-to-end merchandising.

Phoenix Distribution, including the UK subsidiary PX Security, was recently acquired by First Technology Holdings.
