Intelligent CIO Africa Issue 20 - Page 31

+ EDITOR’S QUESTION /////////////////// MAYLEEN BYWATER, SENIOR PRODUCT MANAGER, CLOUD SECURITY SOLUTIONS, VOX C ybersecurity as a landscape and as a priority is changing constantly from little focus to being in the limelight and being rated as a key strategy for most CIOs. The various attacks on several larger institutions confirms that we need to be vigilant on how we treat data and information. Some principles remain the same as you look at the general trend of penetration into networks; statistically the norm seems to be that 90% of email attacks originate from an email as the entry point as revealed by Verizon’s data breach research. The main intention is not only to infect the network, but also to lure unsuspecting people into divulging information of a personal and business nature. These details are harvested with perpetrators using social engineering to write phishing emails that would fool many, as the content is normally well written and seems legitimate. The end user or Human Firewall is targeted as there is no algorithm to ensure that specific mails are not opened. We have looked at these and discovered various tools that businesses should be looking at employing; to train and educate their staff. These phishing tools provide a great platform to simulate, educate and create a culture of security conscious individuals within the business. However, these tools are only as effective as the policies that need to be drawn up, communicated and shared with the business. These training sessions need to be complemented by having a security strategy that caters for the entry points into the business, which while phishing, may not target, but need to be in place to be proactive and help with prevention. A business still needs to have network, email and endpoint security, and backup and reporting in place to ensure that it can deter most attacks without being impacted. There are great benefits in having an ISP that also caters to help all the various components as the current skill shortages highlights the need within businesses to understand what needs to be addressed and what is a priority. Having these key pillars for security in place will assist the business to focus on the aspects of growing their footprint and knowing that their business is being pro-actively protected. n “ THE MAIN INTENTION IS NOT ONLY TO INFECT THE NETWORK, BUT ALSO TO LURE UNSUSPECTING PEOPLE INTO DIVULGING INFORMATION OF A PERSONAL AND BUSINESS NATURE. INTELLIGENTCIO 31