Sophos expert on avoiding network breaches

Sophos expert on avoiding network breaches

Network breaches are making the jobs of CIOs and CISOs harder than ever. Intelligent CIO asked Harish Chib, Vice President, Middle East and Africa, how they can be avoided. 

The hard truth is that there are data security breaches every single day globally. Some security breaches make the front pages, but many others do not. It is the unfortunate dark side effect of all the wonderful benefits we get from mobile computing and global connectivity.

Cybercrime is a big business and is well-funded – and criminals don’t need to be IT experts in order to be successful. Toolkits with support services can be bought on the Dark Web, and even ‘hackers for hire’ will launch an attack on your behalf.

Ransomware as a Service (RaaS) is now marketed on the Dark Web like a legitimate business tool – completed with technical support if the cybercriminal requires it.

Attacks are becoming more targeted. Phishing will disguise itself as a legitimate email or even phone call in order to get into a network – people remain a weak link in the armour, although to be fair, many of these new attacks are difficult for even experts to spot right away.

These attacks do however highlight the growing concern of CIOs over cybersecurity, the impact of breaches, and why cybersecurity needs to be a top priority for every CIO, whatever the size of their organisation. It is important to get the basics right. Even the most well-resourced companies are still falling victim to attacks that use phishing and social engineering techniques to dupe employees.

The growth in complex and coordinated attacks is outpacing many CIOs ability to protect their organisations.  Their overstretched IT departments struggle to respond fast enough to threats entering their ever-expanding IT infrastructure. Continuing to manage disparate products is leading to increasing risk to their business. Unless there is a distinct change in approach to IT security this will only get worse.

Companies need to re-think the traditional approach of ‘layered security’ and think more about ‘synchronised security’. With the latest deep learning technologies, new cybersecurity solutions can now take action faster than an IT Manager predicting issues and stopping threats before they can enter an organisation’s network.

 

Here are some best practices, which we’ve learned over the years working with thousands of other organisations of every size, for CIOs:

  • First, encrypt the data! Many IT organisations have steered clear of encryption thinking that it impacts performance or that it’s simply too complicated to effectively implement.  This is no longer the case.  Enterprises should be encrypting their most critical data far more often than they do
  • Ensure that any contractors, outsourcers or third-party partners take cybersecurity as seriously as you do. After all, it’s your data that your customers have entrusted you with, and it’s your responsibility to secure it
  • Take a user-centric view to your security. Too often IT departments focus on devices and fail to see the connection between a user, their data, and all the devices (including mobile devices) that they use on a daily basis
  • Complexity is the enemy of security.  Too often complicated tools aren’t configured correctly, aren’t communicating with other tools or aren’t even deployed at all because despite all their power they are simply too complicated for mere mortals to use effectively
  • Train your users! They are often the weakest link in a cybersecurity strategy.  Too often users willfully hand over their credentials and engage in risky cyber-behaviour that can put the company at risk

Browse our latest issue

Intelligent CISO

View Magazine Archive