Why hire people to breach your network? | #eBizWires
As data breaches become more commonplace, littering the headlines on a daily basis, businesses of all types and across all industries need to work on the assumption that they are a target. Because of this, organisations, especially those who house sensitive, valuable and proprietary data, need to ensure that they have a solid security strategy, as well as an incident response plan in place.
“Any good security strategy needs to be a combination of technology, people and processes. Moreover, the strategy needs to be tested on a regular and ongoing basis,” says MJ Strydom, Managing Director at DRS.
He says this is where penetration testing comes in. “What better way is there to prepare for an attack, than to have experts, who have the same skills that the cyber criminals do, see if they can breach your defences. This will ensure that the right protocols can be put into place should any real-world attacks happen.”
Penetration testing (or pen testing) is essentially running controlled hacking exercises against a business network and systems in order to show how threat actors might be able to get in. It can involve any number of manual and automated tests being performed on corporate networks and systems, as well as on individuals, to determine if they are susceptible to an attack.
According to Strydom, the intelligence gleaned during these exercises can then be used to highlight and sort out any weaknesses that are found. This helps organisations to close any security gaps, and shut off possible attack vectors. “It also helps them to truly understand how attacks work so that they are better equipped to handle any actual threats that may occur in the future.”
Remember, he says, that there is no silver bullet solution when it comes to security. “The chances are that any hacker who is determined enough will eventually get in. At its core, security is nothing if not an exercise in lessening the attack surface to the very possible minimum. Cyber criminals will always take the path of least resistance, and go for the low hanging fruit. The best a business can hope for is to make themselves a less attractive target than the next business.”
He says companies should also follow the basics, and ensure that security efforts are concentrated on the most valuable assets first. “A lot of services, for example, don’t need to be directly accessible to the internet. Think before having a blanket approach to all resources. In addition, have two, or even three-factor authentication in place, especially for any services that would be high value should the business be compromised.”
Also, don’t just have a stringent password policy in place; actually enforce it, he adds. “A company can say they insist on strong passwords, but someone will always go the easy and memorable route. Insist on the strongest possible passwords, and make sure they are changed on a regular basis.”
Remember, says Strydom, that humans are often the weakest link in a company’s security chain. “Even the most security savvy employee can open a malicious attachment, or click on the wrong link. We all make mistakes, we all get distracted. Add to that the slew of devices flooding the enterprise thanks to BYOD, and the borders of the network get wider, and harder to control.”
Complacency simply isn’t an option. “Find out as soon as possible, and on a regular basis, where your weak points are, and where security posture needs to be improved. Any robust security strategy needs to be bolstered by thorough and ongoing testing, to make sure that confidential and proprietary data is better protected from increasingly complex and cunning cyber criminals.”
Dynamic Recovery Services (DRS) is an ICT services and solutions provider specialising in providing innovation and agility in information security, IT risk management and IT governance. The company provides security services with a portfolio that satisfies customer needs, from the creation of security strategy to the daily operation of point security products.
The company partners with market-leading technology providers to ensure the best supply of infrastructure as well as execution of professional services, ensuring that the selected products are effectively implemented and operate efficiently in the business environment.
Cognosec is an IT security company engaged worldwide, operating in a multitude of industries including banking, finance, government, healthcare, retail, manufacturing and hospitality. Cognosec’s extensive experience in security, governance, risk and compliance services allows the company to offer the best in payment, communications, network, and e-commerce security.
Cognosec is certified in QSA, ASV, (P2PE) PA-QSA, CESG Penetration Testing, CESG Cyber Security Incident Response.