Intelligent CIO Africa Issue 68 | Page 32

TALKING

‘‘ business from different places . Credential stuffing still works in spite of two-factor authentication and / or CAPTCHA . Attackers won ’ t innovate new attack vectors as long as the original vector remains successful . All they need to do is come up with a way to dodge new defences .

Companies do need to consider emerging threats and try to prepare for them , but the industry also needs to continue to mitigate last year ’ s threats .
Myth 4 : Managing multiple clouds is a hard challenge that requires unobtainable talent . desktops-everything inside the organisation . What they largely are not focused on is the home networks of all the organisation ’ s employees .
An attacker might want to target the CEO to access mergers and acquisitions insights or other strategic information , but monetising that isn ’ t as easy as targeting an accounts payable clerk or an IT administrator . At a time when working from home is more common than ever , home networks are an emerging loophole for bad actors .
Myth 6 : You can trust your employees .
The multiple cloud world is a reality that many , if not most , companies are living in today . Whether it ’ s because of an acquisition , integration with a partner , or just capturing best-of-breed features , multi-cloud is here to stay .
Insider threats have an enormous advantage simply because it ’ s human nature to assume the best of those around us . But the fact is you can ’ t hire 50 or 100 employees without the very real risk of introducing a bad apple or two to the barrel .
Yet when I ask companies if they ’ re in multiple clouds , one answer I hear repeatedly is some version of , “ Yes , unfortunately .” Companies who operate across multiple clouds sometimes do so begrudgingly and don ’ t embrace the opportunity to get the best of all worlds .
Disgruntled employees don ’ t just leave bad reviews on Glassdoor . They can throw sensitive files on to a thumb drive and walk right out the door . There ’ s even a growing concern that they might leave malicious software in the system .
Today , there ’ s no reason that managing and securing your IT estate across multiple clouds should be arduous . Cloud vendors have built interoperability into their strategies , and there are many other providers whose solutions are designed to remove the burden of integration , abstract their functionality across clouds , and deliver it through a simple , unified interface .
Myth 5 : Securing the enterprise ’ s architecture and devices is enough .
Security teams are focused on the enterprise ’ s infrastructure , their servers , their computers , their
I ’ ve long had a theory that insiders are probably behind a lot of ransomware attacks . An IT administrator can easily create a persona on the dark web , give that persona access to the system to install malware , and then issue a demand for ransom-and in turn advocate that the company just pay the ransom . It ’ s important to note that I ’ ve not yet seen evidence of this , but the incentive is certainly there .
Myth 7 : Our biggest cyberthreats come from nation state actors targeting infrastructure .
When the Colonial Pipeline was attacked a year ago , causing long lines at gas stations that inconvenienced consumers on the East Coast , it was major international news . Yet , there is little to no conversation about the millions of Americans who are defrauded every year online , many of whom are elderly and living on their retirement savings . This is a tremendous threat to our social safety net that can have devastating effects on people and their families-much more so than having to wait in line and pay more for gas .
I spent years in law enforcement investigating cybercrime , more often than not with frustrating results , and this issue is a passion of mine . Attacks on our infrastructure are important and very real , but when you listen to the stories of these victims it ’ s clear that widespread cyber fraud should be getting more attention than it is . p
32 INTELLIGENTCIO AFRICA www . intelligentcio . com