Plan your cyber defence

As South Africa becomes more connected, the chances of a company or individual being hacked are on the increase. Infant, according to DREW VAN VUUREN, a consulting partner at 4Di Privaca, it is no longer a case of “if” you get attacked but more like “when” you get attacked.

Cyber-attacks in South Africa, although not widely publicised, are becoming the norm now that we as a nation are plugged into the backbone of the Internet given the modernisation of our telecoms infrastructure. The cost of Phishing attacks in South Africa amounted to approximately $320 million in 2013 alone, and today, it is not a matter of “if” your company is going to be a target, but rather “when”, says Drew van Vuuren, Consulting Services Partner at 4Di Privaca

A cyber attack is an attack that is carried out primarily through the internet. Attacks may target the public or an organisation, no matter the size, and are carried out through malicious programs, unauthorised web access, fake websites, and other means of stealing personal or sensitive information.

These days hackers are more methodical, and if you have not kept up with the latest cybercrime developments you could be facing avoidable risks without realising it. Not having a security policy in place could impact on your company’s reputation, as well as having a costly revenue impact.

That’s why it is more important than ever before to undertake regular vulnerability scans and penetration testing to identify vulnerabilities and to ensure on a regular basis, that your organisation’s security controls are effective. Vulnerability scanning assesses the networks, servers, and applications for vulnerabilities, however the negative side of a purely vulnerability scanning is that false positives are frequently reported. False positives may be a sign that an existing security mechanism is not fully effective.

Penetration testing looks at vulnerabilities and will try and exploit them in a safe manner. Organisations need to conduct regular testing of their systems for the following key reasons:

· To determine the weakness in the infrastructure (hardware) applications (software)

· To ensure controls have been implemented and are effective Рthis provides assurance to information security and senior management

· To test applications that are often the conduit for an attack

· To discover new bugs in existing software as patches and updates can fix existing vulnerabilities, but they can also introduce new vulnerabilities.

Vulnerability scanning and penetration testing can also test an organisation’s ability to detect intrusions and breaches. Organisations need to scan the external available infrastructure and applications to protect against external threats. They also need to test internally to protect against insider threat and compromised systems. Internal testing needs to include the controls between different enterprise systems to ensure these are correctly configured. In order to detect recently discovered, previously unknown vulnerabilities, penetration testing should be run on a regular basis. The minimum frequency depends on the type of testing being conducted and the target of the test. Testing should be at least annually, and maybe monthly for internal vulnerability scanning of workstations. Standards such as the PCI DSS recommend intervals for various scan types. Penetration testing should be undertaken after deployment of new infrastructure and applications as well as after major changes to infrastructure and applications.

* Follow Gadget on Twitter on @GadgetZA