Cybercrime. (Duncan Alfreds, Fin24)
Cape Town – Companies should have a security “Plan B” for critical data in place as it appears inevitable that perimeter strategies may fail, says an expert.
Cyber attacks are not regularly publicised in SA, but according to Gemalto, 3.6 billion data records have been exposed globally in cyber intrusions.
“Most security blueprints are currently based on a ‘Plan A’, with a heavy emphasis on technologies that protect the perimeter and somehow stop attackers from getting where they shouldn’t be. This made some sense when all the data and users only existed behind the corporate firewall,” Neil Cosser, Identity and Data Protection manager for Africa at Gemalto told Fin24.
“It’s becoming quite clear, however, that Plan A is not working as it should be. Consider the number of huge data breaches that have occurred over the last year or two and you can see that cyber criminals are finding ways to bypass current security measures,” he added.
Gemalto’s Breach Level Index highlighted five attacks in SA during 2015, but the report said that the number of data breaches do not reflect the actual number of records exposed.
Two factor authentication
READ: SA fails to make data breaches public
In 2015, the report showed that 1 673 incidents exposed some 707 million records. However, in 47% of cases, the number of records exposed is unknown.
“In today’s security landscape, it thus makes more sense to move to a ‘Plan B’, where the focus is on protecting data. This can involve a number of different technologies - all of which would potentially be important components of the strategy,” said Cosser.
One strategy gaining momentum is two factor authentication and Gemalto said that 98% of IT managers are supportive of this technology, though it is not a perfect solution.
“There is still a long way to go to protect access to all applications and secure all devices however. IT professionals are realising that the key to providing uniform protection for numerous applications lies in their ability to centrally implement two-factor authentication for both cloud and on-premises applications,” Cosser said.
Assuming cyber criminals will at some point have access to critical data, Cosser highlighted the benefits of encryption which may render the data useless.
“It’s also clear that data encryption should play a major role in any Plan B. Someone is going to get past the network perimeter defences at some point, so organisations need to make sure that whoever gets in can’t use the data. Another way of looking at encryption in this context is that it is the ultimate way to ‘unshare’ data in shared environments.”
- Follow Duncan on Twitter