As data breaches become more commonplace, littering the headlines on a daily basis, businesses of all types and across all industries need to work on the assumption that they are a target. Because of this, organisations, especially those that house sensitive, valuable and proprietary data, need to ensure that they have a solid security strategy and an incident response plan in place.
“Any good security strategy needs to be a combination of technology, people and processes. Moreover, the strategy needs to be tested on a regular and ongoing basis,” says MJ Strydom, Managing Director at DRS.
He says this is where penetration testing comes in. “What better way is there to prepare for an attack, than to have experts, who have the same skills that the cyber criminals do, see if they can breach your defences. This will ensure that the right protocols can be put into place should any real-world attacks happen.”
Penetration testing (or pen testing) is essentially running controlled hacking exercises against a business's network and systems in order to show how threat actors might be able to get in. It can involve any number of manual and automated tests performed on corporate networks and systems, as well as on individuals, to determine whether they are susceptible to an attack.
According to Strydom, the intelligence gleaned during these exercises can then be used to highlight and sort out any weaknesses that are found. This helps organisations to close any security gaps, and shut off possible attack vectors. “It also helps them to truly understand how attacks work so that they are better equipped to handle any actual threats that may occur in the future.”
Remember, he says, that there is no silver bullet solution when it comes to security. “The chances are that any hacker who is determined enough will eventually get in. At its core, security is nothing if not an exercise in lessening the attack surface to the very possible minimum. Cyber criminals will always take the path of least resistance, and go for the low hanging fruit. The best a business can hope for is to make themselves a less attractive target than the next business.”
He says companies should also follow the basics, and ensure that security efforts are concentrated on the most valuable assets first. “A lot of services, for example, don’t need to be directly accessible to the internet. Think before having a blanket approach to all resources. In addition, have two, or even three-factor authentication in place, especially for any services that would be high value should the business be compromised.”
Also, don’t just have a stringent password policy in place; actually enforce it, he adds. “A company can say they insist on strong passwords, but someone will always go the easy and memorable route. Insist on the strongest possible passwords, and make sure they are changed on a regular basis.”
Remember, says Strydom, that humans are often the weakest link in a company’s security chain. “Even the most security savvy employee can open a malicious attachment, or click on the wrong link. We all make mistakes, we all get distracted. Add to that the slew of devices flooding the enterprise thanks to BYOD, and the borders of the network get wider, and harder to control.”
Complacency simply isn’t an option. “Find out as soon as possible, and on a regular basis, where your weak points are, and where security posture needs to be improved. Any robust security strategy needs to be bolstered by thorough and ongoing testing, to make sure that confidential and proprietary data is better protected from increasingly complex and cunning cyber criminals.”
Dynamic Recovery Services (DRS) is an ICT services and solutions provider specialising in providing innovation and agility in information security, IT risk management and IT governance. The company provides security services with a portfolio that satisfies customer needs, from the creation of security strategy to the daily operation of point security products.
The company partners with market-leading technology providers to ensure the best supply of infrastructure as well as execution of professional services, ensuring that the selected products are effectively implemented and operate efficiently in the business environment.
Cognosec is an IT security company engaged worldwide, operating in a multitude of industries including banking, finance, government, healthcare, retail, manufacturing and hospitality. Cognosec’s extensive experience in security, governance, risk and compliance services allows the company to offer the best in payment, communications, network, and e-commerce security.
Cognosec is certified in QSA, ASV, (P2PE) PA-QSA, CESG Penetration Testing and CESG Cyber Security Incident Response.