Technology doesn't detect attacks, people do

Jacques Louw: Invest in employing skilled individuals.
Jacques Louw: Invest in employing skilled individuals.

Detection technology without appropriately skilled people will miss targeted attacks. Technology doesn't detect attacks, people do, said Jacques Louw, director at cyber security consultancy firm MWR InfoSecurity.

Speaking on day one of the ITWeb Security Summit 2017 in Midrand yesterday, Louw said organisations should rather invest in employing skilled individuals.

"Spending money on technology before there is a specific set of requirements from a detection team is wasteful, and creates a false sense of security," said Louw. "Through cyber threat hunting, instead of setting out static controls companies can rather make the policy on how to get to the correct controls."

Cyber threat hunting is defined as the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Referring to the 'Paris model of threat hunting', Louw recommends that companies should make threat modelling and attack path mapping a core component of their security strategy. "Make the process by which you, as a company, decide on appropriate policy, not the controls themselves. Companies should look at solving the problem rather than ticking boxes," he concluded.

Spending money on technology before there is a specific set of requirements from a detection team is wasteful.

Jacques Louw, MWR InfoSecurity

Investec's group security officer, Herman Young, also advocated for organisations to use target attack simulations to test their systems. He said that organisations need to know who and what they are defending against and where their failures lie.

"At the end of the exercise you have not only checked your defences but you have improved everything and patched issues you didn't know you had before," Young said.

Read time 1min 30sec
Kgaogelo Letsebe
Portals journalist

Kgaogelo Letsebe (nee Mamabolo) is a journalist originally from Pretoria, Gauteng. She holds a BTech in Journalism from Tshwane University of Technology (Pretoria campus). With almost 10 years in the media and printing industry, KG as she is known, has honed her writing skills in various media sectors such as business, IT, built environment engineering, and food and beverage technology industry. As an assistant editor, her work has been used in The Butcher magazine, Food Processing Africa digital magazine and Food and Beverage magazine. When she's not frantically chasing deadlines, KG spends time with her husband and daughter, meditates to SA jazz tunes or indulges in African history books.

Have your say
a few seconds ago
Be the first to comment