Tech/people balance crucial in security battle
Considering the frequency with which new and increasingly complicated cyber threats are created, the challenge is always to balance technology, people and processes.
This is according to Paul Roberts, regional director NEMEA and South Africa at Arbor Networks, who adds that deploying all the latest and greatest technology on its own is not going to solve security problems.
"Those technology solutions need to be managed, the alerts they create need to be investigated and escalated in some cases. There need to be people who understand the solutions and know how to optimise them," Roberts points out. "They need to have internal processes that are repeatable and rehearsed, so in the event of an attack, your teams know how to respond. It takes all three elements working together, technology, people and process, to achieve robust network security."
Given the nature of threats today, a critical question for network operators, says Roberts, is: how quickly can you detect threats lurking within your network?
"Prevention is the goal, but detection is the key. All threats are hidden in network traffic, so it is critical to have as much intelligence about the traffic on your network as possible. It is no longer possible to simply block everything at the perimeter," he says. "You must be able to see and understand what is happening on your network. Who is talking to whom, and why? Are there abnormal traffic patterns, application use?"
Additionally, Roberts observes that cloud computing, social media and mobility present considerable challenges to network operators, noting that enterprise assets can no longer be secured behind well-protected perimeters.
"Employees are accessing data with personal, unsecured devices. Corporate information resides in multiple third-party networks, or clouds, from your e-mail provider, salesforce software, storage and numerous applications that employees use to run the business," he says. "The security of your business is now no longer solely under your control. It is in the hands of all these partners too. That is a sea change. Solutions that can stitch together an internal and external understanding of network traffic are essential in this bifurcated model."
Roberts points out that the frequency of incidents is on the rise, but hackers are not always to blame. To illustrate, he cites a 2014 global CISO survey commissioned by Arbor Networks and conducted by The Economist Intelligence Unit.
The survey found that over three quarters of organisations have suffered an incident, such as theft of information, in the past 12 months. The number of incidents is on the increase, although not all are malicious. In the past year, the most common incidents were accidental major systems outages (29%) and the loss of sensitive data by an employee (27%).
The survey also states that the majority (57%) of organisations do not voluntarily report incidents that they are not legally required to report.
"This tendency towards secrecy vis-à-vis regulators and the public applies equally to corporate peer groups. While some sectors, such as finance and higher education, collaborate with their competitors to thwart cyber-attacks, the practice is not widespread. Only one firm in three is currently sharing intelligence about threats."
Roberts concludes that companies should be prepared to respond to a range of potential threats, both external and internal. After all, business is conducted by people, and people make mistakes.