CISOs not investing in insider threat defences

By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 21 May 2018
Gareth James, network and security sales specialist for VMware.

There is a disconnect between what local chief information security officers (CISOs) see as their greatest threats and the type of solutions they are investing in.

This is according to Gareth James, network and security sales specialist at VMware South Africa, presenting the results in Johannesburg last week of an information security survey ITWeb conducted in partnership with VMware.

The survey ran online during April and captured the input of 62 local cyber-security professionals. Almost one-third of the respondents were C-level executives and a further 44% were mid-level managers. Most respondents work in the financial sector, IT and government.

South African CISOs (73%) view insider attacks as the greatest security risk to their businesses, the survey found.

More than three-quarters of South African companies experienced phishing or other impersonation attacks over the past year, noted James.

The insider threat consists of an equal number of complicit or malicious employees who deliberately steal information or damage systems, and unintentional insiders: employees whose actions are careless and who do things such as write their passwords on Post-it notes, he explained.

The current controls are perimeter-centric, with more than 90% of the respondents saying they have implemented endpoint security, and 94% having applied firewalls, said James. Yet, fewer than half have data leakage prevention (DLP) solutions in place and only 40% employ mobile device management solutions, he elaborated.

"Perimeter-based security and signature-based endpoint protections are the predominant responses already in place. What is less prevalent are the things like micro-segmentation and DLP, protections for the inside. Clearly when the threat is from the inside, but the counterpoint to that is that our current controls are perimeter-centric, here we have a disconnect.

"The social aspect of security has become huge and it has become more and more focused on someone using social engineering to try and get inside. So the risk from inside-out is becoming the actual real problem."

Minimising risk surfaces

According to Jeremy van Doorn, senior director of pre-sales: SDDC networking and security division for VMware EMEA, because the network perimeter has been worked on for so long and has become quite strong, hackers are looking at application faults and how they can expand their footprint within the data centre, and they are using the weakest link: the human.

As such, it's critical to work on minimising risk surfaces so that if a company gets breached, there is minimal damage, he added.

Speaking about how to tackle cyber security, Van Doorn said organisations must select suppliers who are reputable and reliable, with strong security measures in place.

"Hackers will look at all your weakest links and your supplier might be a way into your organisation's network."

Van Doorn pointed out that businesses also need to encourage employee accountability and engagement.

"The whole workforce has to be educated about security threats and it should be every employee's responsibility to look after security. If we can't trust a device, then it should not be allowed on the network."

Moreover, companies should embrace automation as it helps reduce human error and provides protection for the whole environment, said Van Doorn.

Share how you stopped an attack

Organisations also need to realise that sharing the mechanisms they utilised to prevent or remove attacks is important in combating cyber crime, said James.

"Sure, they can anonymise the information about their organisation and where the breach was attempted, but [they can] at least try and find a way of sharing security mechanisms, so others can create similar mechanisms to protect themselves.

"We need to be proud when we stop or end an attack and share that information of how we did it because together we can be stronger. You clearly see on hacking forums people taking credit for being able to hack into a news Web site, and sharing how they did it," said Van Doorn.

"I think if we as companies start to take credit for how we stopped an attack and share how we did it, we will become stronger; it will be good for South Africa and even for the world as a whole."
