
Corporate security 'still sucks completely'

By Michelle Avenant, portals journalist.
Johannesburg, 17 May 2016
Effective security measures do not necessarily "come in a nice box", says Haroon Meer, founder of Thinkst.

A dramatic change of mindset is needed to face today's upsurge of security risks, as most corporate and enterprise security "still sucks completely", said Haroon Meer, founder of Thinkst Applied Research, at ITWeb Security Summit 2016 in Midrand today.

The Snowden leaks of 2013 brought global attention to widespread flaws in the international security industry, and "aside from massive wrongdoing by certain governments, [Snowden] showed the world the value of hacking", said Meer.

"As more people figure out the value of information, more leaks are going to happen," with the Panama Papers being a strong early example of this, he continued.

Additionally, the escalating complexity of ICT "is now so off the scales that I don't believe any of us have a handle on it".

Facing the facts

Businesses need to invest in expert security staff who can make strategic and effective decisions with limited resources, and think more critically about out-of-the-box security solutions, Meer suggested.

Software monopolies build up monocultures that are easy to attack, and "you can't mitigate vulnerable attack surfaces by adding more attack surfaces", Meer said of enterprise security systems that "come in a nice box".

The reality for enterprises is that there are so many different flaws to patch that it is possible to have an entire security staff that is constantly busy, but not moving "forward" at all, he continued.

Meer noted that locating weak points is not the same as identifying how and for what reason an organisation is most likely to be attacked, and tactically prioritising security resources around these specific risk points.

In addition, "you need security people that enable your business, not people that tell you what you can't do all the time... if your security team is introducing blocking to the organisation, chances are you've got the wrong guys".

A strong security team must be able to make shrewd decisions to leverage productivity while circumventing risks, and these solutions are not necessarily expensive or complex, Meer said, noting that sometimes an effective security adjustment can be so simple it seems laughable.

By way of example, Meer mentioned an instance in which adding two lines of PowerShell code enabled a system that sent out an e-mail whenever a new person was used as a domain administrator: a common sign of a system being hacked.

He also suggested instituting alerts whenever a user "SSHes" into a system from a new IP address. "You'll get a lot of false positives," but this simple solution could identify that a system is being hacked "six months before Sony did".
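The SSH alert described above can be sketched as follows. This is an added example, not code from the talk or from Thinkst; it assumes OpenSSH's standard "Accepted ... for USER from IP" syslog line and an in-memory per-user baseline, and the function names, users and addresses are constructed for illustration.

```python
import re

# OpenSSH logs a successful login as:
#   "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"sshd(?:-session)?\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>[0-9A-Fa-f:.]+) port \d+"
)

def new_ip_alerts(log_lines, baseline):
    """Return one alert per successful login from an IP not yet seen for that user.

    baseline maps user -> set of known source IPs (hypothetical structure).
    It is updated in place, so each (user, ip) pair alerts only once.
    """
    alerts = []
    for line in log_lines:
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed logins, disconnects, other daemons
        user, ip = m["user"], m["ip"]
        known = baseline.setdefault(user, set())
        if ip not in known:
            known.add(ip)
            alerts.append({"user": user, "ip": ip, "method": m["method"]})
    return alerts

# Constructed sample data: made-up users, documentation address ranges.
BASELINE = {"alice": {"198.51.100.7"}, "deploy": {"192.0.2.10"}}
SAMPLE_LOG = """\
May 17 09:01:12 web1 sshd[2211]: Accepted publickey for alice from 198.51.100.7 port 50122 ssh2
May 17 09:03:40 web1 sshd[2240]: Failed password for root from 203.0.113.99 port 41000 ssh2
May 17 09:05:02 web1 sshd[2251]: Accepted password for deploy from 203.0.113.45 port 38811 ssh2
May 17 09:07:30 web1 sshd[2260]: Accepted publickey for alice from 2001:db8::1234 port 50200 ssh2
May 17 09:09:00 web1 sshd[2275]: Accepted password for deploy from 203.0.113.45 port 38900 ssh2
""".splitlines()

def run_sample():
    # Copy the baseline so repeated runs start from the same state.
    known = {user: set(ips) for user, ips in BASELINE.items()}
    return new_ip_alerts(SAMPLE_LOG, known)

if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT new source IP for {a['user']}: {a['ip']} ({a['method']})")
```

Persisting the baseline between runs and routing the alerts to e-mail or a ticket queue are left to the deployment; the false-positive volume Meer mentions comes mostly from roaming users and dynamic addresses.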
