INDUSTRY WATCH
unsophisticated attacks go through where
they could have been prevented.
There is no doubt that over the last five
years, IT teams in the Middle East and Africa
(MEA) have understood that traditional
security simply cannot protect against the
complex malware types we are seeing today.
In fact, many organisations understand
that a product or a solution will not protect
you, but it is what you do with that product
that makes the difference. Because of
this, they are spending a lot of money on
technology around cybersecurity and we also
see great levels of investment and focus on
governance, risk and compliance.
This is evident from the increase in the
number of businesses successfully securing
accreditations, such as ISO27001:2013,
and the active role governments in the
region are taking to introduce regional
security standards. Good examples are the
work performed by SAMA, NESA and DESC
where their guidance on what is considered
mandatory information security helps us
raise the bar for cybersecurity robustness in
the region.
Despite these positive developments,
however, there do remain critical flaws in
frameworks and policies and this places even
organisations that have invested in network
security solutions square in the sights of
attackers. Among these are:
• The users have too many rights. They can
install applications outside a governance
or validation process and unfortunately
these applications can result in malware
• Systems are not kept up to date and
patched, meaning that malware
utilising exploits that have already been
addressed by the vendors can still be
successful in infection
• Organisations allow risky file types and
rely on single point products in their
critical dataflow such as mail, USBs
and web-browsing. Should anyone
really be allowed to receive a file which
is compressed at multiple layers and
includes a full executable? Macro-enabled
office documents are the biggest
carriers of malware. Why then do we
still allow such documents to come into
the organisation without stripping the
potentially malicious content?
• Some IT teams are simply too caught up
operating their infrastructure and systems
to stop for a minute and understand their
risks. So, while they invest in expensive
boxes, they may not take the necessary
effort to ensure the systems are
addressing the issues
• Finally, the most dominant issue is that
organisations very often fail to listen
to the events that their systems are
generating. An alert from a firewall, a
log from a web-proxy, behaviour in a
DNS request or file activity on a client
machine can all be early indicators of an
attack. Even when event management
is happening, it is very often only done
during working hours, whereas attackers
work around the clock. Therefore, your
security operations should do the same.
If you cannot do that due to resource
constraints, then it is time to get some
help. I think only a handful of
organisations in the region can secure
the correct budget and competence
to operate their security events and
therefore leveraging managed security
services is extremely appealing.
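
One way to check attachments for the risky file types named in the list above (executables inside layered archives, macro-enabled Office documents), as an added example that is not part of the original article. The function names, the depth and size limits and the sample data are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_DEPTH = 2                 # assumed policy: archive-in-archive levels allowed
MAX_MEMBER_BYTES = 20 << 20   # assumed cap on a member's uncompressed size
EXEC_MAGICS = (b"MZ", b"\x7fELF")  # Windows PE / Linux ELF file headers

def inspect(data, name="attachment", depth=0):
    """Return policy findings for one attachment given as bytes."""
    if data.startswith(EXEC_MAGICS):
        return [f"{name}: executable content"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth > MAX_DEPTH:
        return [f"{name}: nested deeper than {MAX_DEPTH} layers"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{name}/{info.filename}"
            if info.filename.lower().endswith("vbaproject.bin"):
                # Office Open XML files are ZIPs; macros sit in vbaProject.bin
                findings.append(f"{member}: VBA macro project")
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append(f"{member}: too large to inspect")
            else:
                findings += inspect(zf.read(info), member, depth + 1)
    return findings

def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes} (for the samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()

# Constructed samples: a stand-in "executable" (header bytes only) wrapped
# in two ZIP layers, and a minimal macro-enabled document skeleton.
FAKE_EXE = b"MZ" + b"\x00" * 64
NESTED = make_zip({"invoice.zip": make_zip({"setup.exe": FAKE_EXE})})
DOCM = make_zip({"word/document.xml": b"<doc/>",
                 "word/vbaProject.bin": b"constructed"})

if __name__ == "__main__":
    for label, blob in (("mail.zip", NESTED), ("report.docm", DOCM)):
        print(inspect(blob, label))
```

Password-protected members make `zf.read` raise `RuntimeError`; a gateway should treat those as uninspectable rather than let them through.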
The ingenuity of the modern
cybercriminal means that not every
security risk can be fixed by tending
to these glaring concerns, but these
have proved to be the reasons behind
the most common attacks we have
witnessed in the region. Worse still, it is
often unsophisticated attacks that result
in data breaches, simply because basic
precautions haven’t been taken.
www.intelligentcio.com