Layered defences vital for infosec
Many South African companies appear to focus on implementing information security products without a clear understanding of what it is these cover, as opposed to using a layered defence strategy.
So says Tyrone Erasmus, managing consultant at MWR InfoSecurity SA, who will present at ITWeb Security Summit 2015.
He says while there are local companies that really understand what is at stake, and the possible impact of being breached, "sadly, many organisations at their most senior levels are not able to see the link between security breaches and monetary loss. This causes them to treat security as another tick in the compliance box within their organisation".
The result, he says, is that organisations in many sectors are being breached weekly.
Asked to comment on the most prevalent types of attacks being experienced locally, Erasmus responds: "This depends on who your organisation is and what motivation someone would have to target you. Different threat actors with different skills levels might be targeting the same organisation, and their method of attack would be completely different."
Hackers or 'script kiddies' would almost certainly be scanning the Internet for vulnerable infrastructure and exploiting opportunistically, says Erasmus, adding they would be noisy in their techniques.
However, a skilled attacker targeting a specific organisation would have a much lower profile and would not trigger any alarms, he notes. Such an attacker would seek to abuse subtleties in an organisation's security and would likely look to targeting select employees to gain a foothold, adds Erasmus.
He advises business leaders to harden their internal networks, and view these as hostile zones rather than trustworthy assets. In addition, he believes they should allocate budget for attack detection systems, and fine-tune these to focus on their business-critical systems.
"Organisations are slowly realising that focusing security efforts on hardening Internet-facing systems is not enough. With the proliferation of stories on large international companies being breached and losing millions, this has sparked the question: 'Could this happen to us?'", he says.
Erasmus' presentation at the 10th annual ITWeb Security Summit will cover breaching the network perimeter over the Internet, escalating privileges on a network, learning the business processes of an organisation, and finding business assets.
His content will be based on anonymous case studies of attacks performed in the past by MWR InfoSecurity red teams, on companies that hired them to do so. His aim is for delegates "to learn how to look at an organisation through the eyes of a sophisticated attacker. This will hopefully alter peoples' perspectives on what is important when attempting to secure an organisation against attack."