No company is immune from cyber attacks - expert

Cybercrime. (Duncan Alfreds, Fin24)
Cybercrime. (Duncan Alfreds, Fin24)

Cape Town – Companies should have a security “Plan B” for critical data in place as it appears inevitable that perimeter strategies may fail, says an expert.

Cyber attacks are not regularly publicised in SA, but according to Gemalto, 3.6 billion data records have been exposed globally in cyber intrusions.

“Most security blueprints are currently based on a ‘Plan A’, with a heavy emphasis on technologies that protect the perimeter and somehow stop attackers from getting where they shouldn’t be. This made some sense when all the data and users only existed behind the corporate firewall,” Neil Cosser, Identity and Data Protection manager for Africa at Gemalto told Fin24.

“It’s becoming quite clear, however, that Plan A is not working as it should be. Consider the number of huge data breaches that have occurred over the last year or two and you can see that cyber criminals are finding ways to bypass current security measures,” he added.

Gemalto’s Breach Level Index highlighted five attacks in SA during 2015, but the report said that the number of data breaches do not reflect the actual number of records exposed.

Two factor authentication

READ: SA fails to make data breaches public

In 2015, the report showed that 1 673 incidents exposed some 707 million records. However, in 47% of cases, the number of records exposed is unknown.

“In today’s security landscape, it thus makes more sense to move to a ‘Plan B’, where the focus is on protecting data. This can involve a number of different technologies - all of which would potentially be important components of the strategy,” said Cosser.

One strategy gaining momentum is two factor authentication and Gemalto said that 98% of IT managers are supportive of this technology, though it is not a perfect solution.

“There is still a long way to go to protect access to all applications and secure all devices however. IT professionals are realising that the key to providing uniform protection for numerous applications lies in their ability to centrally implement two-factor authentication for both cloud and on-premises applications,” Cosser said.

Assuming cyber criminals will at some point have access to critical data, Cosser highlighted the benefits of encryption which may render the data useless.

“It’s also clear that data encryption should play a major role in any Plan B. Someone is going to get past the network perimeter defences at some point, so organisations need to make sure that whoever gets in can’t use the data. Another way of looking at encryption in this context is that it is the ultimate way to ‘unshare’ data in shared environments.”

- Follow Duncan on Twitter

Brent Crude
All Share
Top 40
Financial 15
Industrial 25
Resource 10
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
I'm not really directly affected
18% - 1545 votes
I am taking a hit, but should be able to recover in the next year
23% - 2008 votes
My finances have been devastated
34% - 3014 votes
It's still too early to know what the full effect will be
25% - 2191 votes