Local SMEs must be vigilant when it comes to cyber security by layering protections and extracting threats before they enter the organisation, says NOAM GREEN.
A recent hacking incident exposed valuable information belonging to a major oil and gas company. How can an organisation with robust security be hacked? Easily. In this case, hackers exploited the lax security of a local delicatessen, which accepted online lunch orders from the oil company’s staff, as a back door into its network. This highlights two issues with security today: humans as the weakest link and small businesses that don’t take security seriously enough.
Small and medium-sized enterprises (SMEs) in South Africa still have the ‘it will never happen to me’ mentality when it comes to cybercrime and believe their information is not valuable to hackers. This is a dangerous mindset to be in because hackers often use small businesses as springboards into larger enterprises. In fact, hackers don’t need a reason to target SMEs – they do it simply because they can and, in most cases, because it’s easy to.
South African enterprises are starting to understand that the global environment in which we operate today makes the world a much smaller place. Although South Africa may be thousands of kilometres away from hackers in China, Russia or the US, for example, technology and the Internet close that gap to mere milliseconds.
New approach
According to Check Point’s 2015 Annual Security Report, malware rose at alarming rates in 2014. The research showed that 106 unknown malware hit an organisation every hour. Therefore, it is not enough to simply implement a security solution and hope it provides adequate protection. Once organisations understand that it is not possible to provide a 100% secured environment – and that malware created in a foreign country can impact a South African organisation in seconds – they can start adopting more sophisticated risk mitigation and assessment tools.
Until now, unified threat management included defences such as anti-virus, firewalls, VPNs, and URL and spam filtering. However, these solutions only protect against known threats, exposing organisations to risks that have not yet been identified.
This is why businesses should adopt a multi-layered approach to security that is managed through a unified platform and is able to provide visibility into the environment, including information on how malware entered the network, where it entered, why it got through (for example, via an outdated firewall), and how much damage has been done.
Many South African businesses use multiple best-of-breed security solutions from different vendors. While they believe this offers the best protection, it actually complicates the environment and makes it difficult to pinpoint what went wrong when there is a security incident. If malware gets through these defences, there are multiple points of control that IT needs to look into, which takes time and consumes resources. A centralised system connects the dots and can locate a problem and stop it from spreading much more quickly.
The more layers an organisation adopts, the harder it becomes for malware to penetrate the network and, therefore, the lower the risk of infection. Now there’s another layer businesses can add…
Threat extraction
Cybercriminals often use documents that contain active content – such as macros, embedded objects and JavaScript – as hooks to get malicious code into business environments. If any of these documents are infected with unknown malware, they can easily bypass anti-virus software.
Threat extraction takes a different approach by assuming that no one can be trusted and that all documents containing active content are malicious. It provides complete protection from threats by removing potentially exploitable content, delivering malware-free documents with zero delay. By doing so, it gives an organisation the required balance between security and business efficiency.
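As an added illustration (not from the original article and not Check Point's implementation), the Python sketch below applies the idea to an Office Open XML package: it drops the parts that hold macros and embedded objects, together with the relationship and content-type entries that point at them. The part-name list, the function names and the sample package are assumptions constructed for the example, and body markup that referenced a removed embedding is not rewritten.

```python
import io, posixpath, re, zipfile
import xml.etree.ElementTree as ET

# Assumed, non-exhaustive part names that carry active content in an OOXML package.
ACTIVE = re.compile(r"(^|/)vba(Project\.bin|Data\.xml)(\.rels)?$|/(embeddings|activeX)/", re.I)
PKG = "http://schemas.openxmlformats.org/package/2006/"

def _rewrite(name, data, removed):
    """Drop content-type overrides and relationships that point at removed parts."""
    root = ET.fromstring(data)
    ET.register_namespace("", root.tag[1:].split("}")[0])  # keep the default xmlns
    base = posixpath.dirname(posixpath.dirname(name))  # folder of the part owning a .rels
    for el in list(root):
        part = el.get("PartName", "").lstrip("/")  # set on [Content_Types].xml overrides
        target = posixpath.normpath(posixpath.join(base, el.get("Target", ""))).lstrip("/")
        if part in removed or (el.get("TargetMode") != "External" and target in removed):
            root.remove(el)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def extract_threats(package: bytes):
    """Return (sanitised package bytes, sorted names of the removed parts)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        removed = {n for n in src.namelist() if ACTIVE.search(n)}
        for name in (n for n in src.namelist() if n not in removed):
            data = src.read(name)
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                data = _rewrite(name, data, removed)
            dst.writestr(name, data)
    return out.getvalue(), sorted(removed)

def build_sample() -> bytes:
    """Constructed macro-enabled package; the .bin payloads are inert placeholders."""
    rel = '<Relationship Id="rId%d" Type="urn:constructed" Target="%s"/>'
    ovr = '<Override PartName="/word/%s" ContentType="application/constructed"/>'
    parts = {
        "[Content_Types].xml": '<Types xmlns="%scontent-types">' % PKG
        + ovr % "document.xml" + ovr % "vbaProject.bin" + "</Types>",
        "word/_rels/document.xml.rels": '<Relationships xmlns="%srelationships">' % PKG
        + rel % (1, "vbaProject.bin") + rel % (2, "embeddings/oleObject1.bin")
        + rel % (3, "styles.xml") + "</Relationships>",
        "word/document.xml": "<document>Quarterly report</document>", "word/styles.xml": "<styles/>",
        "word/vbaProject.bin": b"PLACEHOLDER", "word/embeddings/oleObject1.bin": b"PLACEHOLDER",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()
```

Calling `extract_threats(build_sample())` returns the cleaned package and the list of parts that were stripped, which is also what a gateway would log for the visibility the article asks for.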
By making employees aware of the possible consequences of their actions – like accessing potentially malicious active content – businesses can start to create a culture of security that can help to improve defences. Humans are often the weakest links in the security chain, mostly because they are unaware of the risks or have not been educated on how to protect the business and themselves. To achieve this level of ‘security culture’, businesses need to adopt technology that speaks the language of users and alerts them to potential issues. For example, rather than just blocking certain websites, users should be told why the website was blocked and what the consequences could be if the user decides to continue.
Information security is no longer a technical problem handled by the IT department: every person in the organisation should be empowered with security tools and knowledge to prevent breaches. Hackers target businesses to steal money or intelligence, for hacktivism purposes, or to commit government-level espionage. Unfortunately, every enterprise – including South African SMEs – fits into at least one of these categories.
But there are steps businesses can take to lower their risk. Adopting a multi-layered approach to security and making security part of the company culture is a good place to start. Eliminating threats before they enter the organisation through threat extraction puts businesses a step ahead of attackers.
* Noam Green, Product and Business Manager at Check Point Software Technologies