ITNA’s Director, Kagiso Setsetse, discusses the pitfalls of the Internet and how businesses can avoid cyber-attacks.
The issue of web security is not a new one. However, since our migration to the digital age, organisations have been facing risk landscapes that change at a frightening pace. Cyber risks are growing exponentially and attacks are becoming more sophisticated. From opportunistic criminals on one end of the spectrum to full-blown, operation-crippling attacks on the other, organisations cannot afford to ignore the wolf knocking on the door to come in.
Moreover, web security is set to become a legal requirement – not just an option. The Protection of Personal Information Act (POPI) has set the conditions for how information is processed and stored, and the consequences of any failure to adhere to the standards. This means that organisations will need to put proper IT security measures in place to ensure compliance, and web security will be an essential part of any IT security strategy.
Protect the organisation from itself
Did you know that the organisation’s staff might be the biggest threat to its own security? Employees don't necessarily have to be malicious to put a company at risk; they may just not understand the possible risks associated with their actions. Some of them might not understand why phishing and opening unfamiliar files are dangerous, and there is often a lack of commitment from senior management to managing information security effectively.
Research has shown that effective staff training can halve the number of insider breaches. Training ensures that employees understand the importance of information security and their role in protecting business-critical information. In addition, they will be more cautious in their future interactions if they’re aware of the effects.
Know the different types of attacks
With each passing day, a new Trojan or other piece of malware is developed and wreaks havoc throughout organisations. Look at the chaos caused at JPMorgan – the largest US bank – by a team of Russian hackers, as a recent example of how cyber-attacks can bring organisations to a standstill. This is why it’s important to understand the critical types of cyber-attacks that exist:
- Virus. A piece of code or program that has a detrimental effect.
- Malware. Malicious software used to disrupt computer operation, gather sensitive information, or gain access to a computer.
- Keylogger. A program that records every keystroke. Often used to gain access to passwords and other sensitive information.
- Password cracker. An application program that's used to identify an unknown password for a computer or network.
- Inference or database attack. A data mining technique performed by analysing data to accumulate knowledge about a subject or database.
- Phishing. An email fraud scam that tricks users into revealing personal information.
How to protect your organisation
Apart from educating your staff about the dangers of cyber-attacks, the organisation will need to implement a solution that protects it from all web threats – not just an antivirus program. Essentially, you should be looking for a solution that consists of the following:
- Data leak protection (DLP). This prevents users from sending sensitive and critical information outside of the company network.
- URL and HTTP filtering. This is particularly useful against phishing. Dangerous sites and other non-work-related sites can be blocked for the user’s and the organisation’s protection.
- Web gateways. A security solution that prevents unsecured traffic from entering an internal network.
South Africa is the second most targeted country in the world for internet fraud and phishing attacks. In 2013 alone, South Africans lost over R2.2 billion to cybercrime. With such alarming statistics, isn’t it time that you prevent your business from adding to that number by beefing up its web security?