Redstor guide to effective, robust corporate security
There is a heightened sense of cyber security in the corporate world. Companies are now more aware than ever before of the level of risk they are exposed to and the real danger that sophisticated cyber threats pose.
Cyber criminals are using sophisticated tech-driven methods to extort, hack and otherwise 'hijack' poorly defended systems for their own gain.
To help businesses better protect themselves and their resources, and effectively deal with the impact of Europe's General Data Protection Regulation (GDPR) and South Africa's Protection of Personal Information (POPI) legislation, global data management SaaS specialist Redstor has published a comprehensive guide.
How to protect your IT environment against the evolving threat of cyber crime was introduced in February 2018.
The company has drawn on its plus-20 years of experience in supporting business processes, most notably, security, to draft and release the document.
Businesses can use all the support and guidance they can get, says Danie Marais, Director of Product Management at Redstor.
"Cyber crimes and incidents have become headline worthy news and, with the names of companies affected including the likes of Facebook and Uber, it's no little wonder why. Despite an updated mandate to ensure all incidents are reported quickly, some organisations are failing to do so, and incidents make news years afterwards," says Marais.
He says the year kicked off in fine form, as it was announced that widely used microchips manufactured by Intel and other firms included an exploitable vulnerability that could lead to large-scale data breaches.
"The Spectre and Meltdown vulnerabilities gave hackers the ability to access cached data stored in an operating system kernel. While most implementations limit access to this cache, a malicious code of ransomware strain could be designed to assist in data theft," Marais adds.
As Redstor explains, this vulnerability was discovered by the Google Project Zero team, and manufacturers at Intel and others worked to patch systems against the vulnerability very quickly following it making headlines.
The company said malware and ransomware dominated news headlines throughout 2016 and 2017.
However, crypto-currency has also emerged as a challenge.
"The growth in use of crypto-currencies at the same time leads to the wide-scale use of crypto-currency as a payment method for exploitation or ransom by cyber-criminals," Marais continues.
"In February, crypto-jacking made headlines as a strain of malware designed to infect Web sites and mine crypto-currency from them was found on a number of sites, including some UK government sites and the Information Commissioner's Office (ICO) Web site," he adds.
Not for the first time, the telecommunications and electronics retail brand came under fire when a large-scale breach of systems led to details of millions of customers being stolen. The breach, which was not detailed, allowed hackers to steal card details of close to 6 million customers in addition to personal information of over 1 million customers. While pin numbers were not held, this represents a significant risk to users, be it through fraudulent activity or further attacks such as ransomware.
This is not the first time Dixons Carphone has faced a breach, with a similar incident occurring in 2015.
According to Redstor, as the use of technology grows, it can be all too easy to become reliant on it. As this happens, the cost of downtime increases, and organisations must prepare for this.
Marais says disaster recovery and business continuity grows in importance and systems must also be tested so failover processes will work when needed most. Different threats may result in different types of downtime or lead to inaccessibility of certain systems, and different stakeholders may require certain systems back first; this will also need to be accounted for.
With the advent of cloud and AI, organisations will have to pay closer attention to security, and Redstor's guide will make a substantial difference in formulating and enforcing strategy.