This is why so many CIOs/CISOs positions are becoming more challenging

CIOs and CISOs across industries are regularly moving between positions and companies because of this common mistake, says Pieter Engelbrecht, Aruba BU Manager for sub-Saharan Africa.


Johannesburg, 31 Oct 2018

It's your worst possible nightmare. A hacker has breached the company's network and shut down its operations. Millions in revenue are being lost. And even worse, you're blamed.

This is becoming an all too familiar scenario for CIOs and CISOs tasked with securing their companies' networks, says Pieter Engelbrecht, Aruba BU Manager for sub-Saharan Africa. No sooner have they entered an organisation and put security systems in place than they find themselves blamed for a successful breach of the company.

So, where does it all go wrong?

Network visibility is not a nice-to-have

Most CIOs or CISOs allocate their funding towards securing their data centre. However, when it comes to implementing a system that provides them with full visibility of their network, they consider it simply a nice-to-have.

So they implement basic security elements like a firewall and assume they'll be okay. But, in reality, should an attack happen at the edge of the company's network, the only way they can possibly know is by doing a deep dive to investigate each and every occurrence that might indicate a breach.

We all know this simply isn't possible, though. When a user is locked out of his/her account, the IT department will rarely ever take the time to investigate why. It simply unlocks the account and moves on to the next problem.

It's true that when users are locked out, it might be because they forgot their password, but it could also be an indication of something far more sinister.

Every lock-out is a potential attack

Aruba recently had a case, for example, where a client kept on getting locked out of the system. Not realising there was a problem, the client kept unlocking the system and moving on.

That is until one Sunday morning when around 1 000 lock-outs occurred simultaneously. On taking up the matter, Aruba discovered these lock-outs were a direct result of hackers attacking the network in order to access sensitive information.

And, the most concerning part of all was that the devices being used to launch the attacks were, in fact, the company's own devices. When Aruba investigated further, it found these devices had actually been stolen some time ago.

Your greatest vulnerability is unguarded

So, while CIOs essentially have no idea if and when attacks are happening at the edge, this is exactly where an organisation's greatest vulnerability lies. Think of the average digital environment today: thanks to IoT, there are more connected devices than there have ever been before.

Each device is a potential gateway for a major breach. And think of the consequences of the massive data breaches that have been occurring across the world. Millions are being lost on a regular basis.

One only needs to take a look at the statistics to see the odds of escaping one of these attacks are not good. In fact, according to the 2016 Global Megatrends in Cybersecurity report, 67% of companies with critical infrastructure suffered at least one attack during the course of those 12 months.

How can CIOs and CISOs secure their positions?

The only way a business can possibly remain secure under these circumstances is if the CISO or security team receives notifications as soon as something occurs on the network that is deemed to be out of the norm.

Essentially, an end-to-end system that can detect attacks and respond rapidly is vital. And it needs to cover the entire network from the data centre to the edge.

Aruba, for example, has an end-to-end solution comprising ClearPass and IntroSpect. ClearPass provides companies with proper network access control and is device agnostic, which means it can cover everything from a company's vending machine to industrial IoT equipment.

On the other hand, IntroSpect is an analytics solution that sits on top of a company's security solutions, for example, its firewall. Based on its analyses of these solutions, IntroSpect creates profiles for individual users. Then, if activity takes place on the network that is outside of a user's typical profile, it immediately alerts the security officer.

Say, for example, a particular user typically logs into the company network from South Africa between 8am and 10pm. If one day that user logs in from Russia at 2am, IntroSpect will immediately know something is wrong. And it can take this analysis as far as detecting when a user is typing more slowly than s/he normally would.

Then, once IntroSpect identifies a network intruder, ClearPass automatically kicks the intruder off the network.

Combined, these two technologies effectively ensure CIOs have not only visibility, but also complete control of their entire network.

It's the only way to truly ensure you aren't the next CIO a network breach sends packing.


Editorial contacts

Karabo Motsoai
WE-Worldwide
kmotsoai@we-worldwide.com