Intelligent CIO Middle East Issue 15 | Page 44

FEATURE: NETWORK SECURITY

There is no doubt that over the last five years, businesses have understood that traditional security simply cannot protect against the complex malware types we are seeing today. In fact, many organisations understand that a product or a solution will not protect you by itself; what matters is what you do with that product.

As a result, organisations in the Middle East are spending a lot of money on cyber security technology, and we also see great levels of investment and focus on governance, risk and compliance. This is evident from the increase in the number of businesses successfully securing accreditations such as ISO27001:2013.

Despite these positive developments, however, there remain critical flaws in frameworks and policies, and this places even organisations that have invested in network security solutions squarely in the sights of attackers. Among these are:
• Users have too many rights! They can install applications outside a governance or validation process, and unfortunately these applications can introduce malware.
• Systems are not kept up to date and patched, meaning that malware utilising exploits that have already been addressed by the vendors can still succeed in infecting them.
• Organisations allow risky file types and rely on single point products in their critical dataflows such as mail, USBs and web browsing. Should anyone really be allowed to receive a file which is compressed at multiple layers and includes a full executable?
• Some IT teams do not bother to identify the risks in their infrastructures and make sure they are fixed; they simply get caught up in operations. So while they pay for expensive boxes, they may not make the necessary effort to ensure the systems are actually addressing the issues.
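
A sketch of the content check the third bullet calls for, as an added example that is not from the original article: it unpacks the ZIP layers of an attachment, flags native executables by their magic bytes and flags archives nested beyond a policy limit. The names `scan`, `verdict` and `make_zip`, and all limits, are assumptions for illustration; only ZIP containers are handled.

```python
import io
import zipfile

EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")   # Windows PE and Linux ELF headers
MAX_LAYERS = 1                  # assumed policy: one layer of compression allowed
HARD_STOP = 5                   # never unpack deeper than this, whatever the policy
MAX_MEMBER_BYTES = 10 * 2**20   # cap bytes read per member to blunt zip bombs

def scan(data, name="attachment", depth=0, findings=None):
    """Return a list of (reason, path, depth) policy violations in a blob."""
    findings = [] if findings is None else findings
    if data.startswith(EXECUTABLE_MAGIC):
        findings.append(("executable", name, depth))
        return findings
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings                      # plain content: nothing to flag
    if depth >= MAX_LAYERS:
        findings.append(("nested-archive", name, depth))
    if depth >= HARD_STOP:
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:         # encrypted member cannot be inspected
                findings.append(("encrypted-member", path, depth + 1))
                continue
            with zf.open(info) as fh:
                scan(fh.read(MAX_MEMBER_BYTES), path, depth + 1, findings)
    return findings

def verdict(data):
    """Gateway decision: block on any finding, otherwise deliver."""
    return "block" if scan(data) else "deliver"

def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: a stub "executable" inside a ZIP inside a ZIP.
    inner = make_zip({"invoice.exe": b"MZ" + b"\x00" * 64})
    for finding in scan(make_zip({"docs.zip": inner})):
        print(finding)
```

Magic-byte matching catches native executables whatever their file extension; scripts and macro-enabled documents need separate rules.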