
Infosec sea change coming

By Tracy Burrows, ITWeb contributor.
Johannesburg, 09 May 2014
Enterprises need a back-to-basics approach, says Guy Golan, CEO of the Performanta Group.

Enterprises are on the verge of losing the cyber security battle in the face of stronger opponents using new modes of attack, say information security experts set to address the upcoming ITWeb IT Security Summit.

Taking on these new challenges requires new strategies combined with a back-to-basics approach, they say. Both local and international information security experts said ahead of the Summit that the risks of cyber war, data theft, hacking and fraud in the cybersphere cannot be overstated. In fact, the risks are greater than ever before, they say, and the information security industry is losing the battle against cybercrime.

Prof. Basie von Solms, Director of the Centre for Cyber Security at the University of Johannesburg, says the time has come for legitimate co-operative action by state and private sector role players in breaking the traditional security mould which "is proving so ineffective against sophisticated adversaries".

"The traditional approach to cyber security has been mainly a defensive one. Now, we need to be more proactive - and possibly even slightly aggressive - in our approach. We need to go to the next level and gather counter-intelligence that allows us to know our enemy and plan our defences accordingly."

Haroon Meer, founder of Thinkst, says last year's Snowden revelations have served as a wake-up call for states, politicians and economic powerhouses, and pointed to the vulnerable position technology consumers find themselves in. "For a long time, security people have had trouble convincing management that well-funded and organised attackers are targeting their data. Now, there is a growing realisation of the value of data and the responsibility businesses have for protecting data."

Andrew Mpofu, IT Security Audit Manager at the South African Post Office, notes that 'risk follows opportunity' in an online era, with a proliferation of easily available hacking tools now allowing virtually anyone to hack poorly designed applications, with potentially devastating consequences.

Now in its ninth year, the ITWeb Security Summit is southern Africa's premier information security event for IT and business professionals. It is presented by ITWeb, South Africa's leading technology-focused publisher, with media products and services that span online, print and events. The ITWeb Security Summit 2014 is endorsed by ISACA and (ISC)² Gauteng Chapter and will be staged at the Sandton Convention Centre from 27-29 May. For more information, go to www.securitysummit.co.za. Join the conversation on Twitter at #itwebsec.

Guy Golan, CEO of the Performanta Group, says: "For years, the information security industry has been warning of the risk of industrial espionage and hacking, but only now that we see actual incidents resulting in substantial financial losses, are companies taking the risk seriously." Golan says enterprises need a back-to-basics approach, in which every endpoint and basic security is tackled effectively from the outset.

Maiendra Moodley, Divisional Head (GM) Financial Systems and Processes at SITA, adds that achieving the right levels of security begins with a thorough risk assessment encompassing both information and physical security. "These areas are increasingly linked, so they need to be seen as part of a holistic security strategy that also includes sub-disciplines such as fraud and risk management," he says.

Nader Henein, security advisor at BlackBerry's security group, points out that in addition to criminal attacks and fraud, new trends such as mobility are leaving enterprises wide open. Even legitimate mobile applications connect to users' personal information and contact lists, he notes. "While these applications may be legitimate, they may share the data on a mobile device with a third party without the consent of those contacts, raising serious governance, risk and compliance issues for the enterprise."
