IT
Direct Breach
Keeping things easy to understand, I shall not
delve into the technical know-how of how a
direct breach is achieved, except to say that
loose technical and process controls allow
bad characters to enter your organisation’s
digital assets through vulnerabilities. One
high-profile case of recent times is the
breach of the retailer Target, where the bad
characters were able to purloin the credit card
details of approximately 40 million Target
customers. The breach was achieved by way of
compromising the credentials of a third-party
refrigeration business that had remote access
to Target’s digital platforms so that it could
interact with the retailer’s air conditioning
systems. However, the mistake that made the
breach possible was that Target had failed
to cordon off its point of sale platforms from
the air conditioning platforms, so the bad
characters, once in the system, were able to
place card-stealing malware at point of sale
locations in numerous stores.
PROTECTING YOUR DIGITAL ASSETS
With the exception of a direct breach, the above
vectors depend upon interaction with humans
to be successful. It has to be said that many
organisations have impeccably constructed
technical defences against cybercrime and back
up their data nightly, and then wrongly believe that
this will be enough to safeguard their digital assets.
The most commonly overlooked system of digital
asset protection is training staff in how to detect
and react to malicious cyber approaches. In this
respect, many businesses show an appalling
failure to educate frontline staff. This is often due
to poor or outdated leadership, combined with
funds being directed away from the very thing that
prevents loss through digital channels: staff training.
Staff churn is often raised as an inhibitor to training,
so remember to train your staff so that they are able
to leave and treat them so they won’t!
A prudent approach is to ensure that your technical
systems are robust enough to withstand a
concentrated effort to breach them and are subject
to penetration testing by a properly trained
professional. The equally important line of defence is
to remember that your staff are your greatest assets
and also your weakest link in defending against
threats. A well-trained workforce is a must if you
are to be successful in minimising the risk of your
business becoming another victim of cybercrime.
If concerns exist regarding your organisation’s ability
to withstand a malicious cyber approach, Barringtons
Corporate Risk are able to provide penetration testing
and staff training customised to your needs.
David Napper
David has an extensive background managing workplace risk, with
over 30 years’ experience in public and corporate safety. In recent
times, David managed the workplace risk and cyber threats for US
online trading platform eBay, being responsible for Asia Pacific
and Africa for over a decade. Trained by the Hong Kong Police in
cyber investigation, David has been hands-on in his approach and
has supported law enforcement by training regulators in numerous
Australian and Asian locations as well as working stints in Nigeria
and South Africa.
David currently works for Barringtons Corporate Risk as a senior
risk advisor where he provides support to clients in cyber threats,
Work, Health & Safety and other workplace compliances.
GOVLINK » ISSUE 2 2017