Security conscious

Security concerns lie at the heart of pretty much every aspect of networked IT services today, but as a global increase in cyber-crime brings a new set of challenges that CIOs and CEOs in the Middle East need to treat seriously, Wael El Kabbany, managing director for BT Middle East and North Africa, asks if the real corporate security questions are being addressed.

Tags: British Telecom (BT) (www.bt.com)Cyber crime
  • E-Mail
Security conscious El Kabbany: CEOs and CIOs need to have strict policies in place to prevent their companies from being harmed by cyber-crime.
By  Wael El Kabbany Published  July 4, 2010

There is more to prevention than just damage limitation

The question being asked in boardrooms is “can we truly protect ourselves against the next generation of hacking - or is damage limitation the best we can hope for?” Providing reassurance is a tricky thing because firms involved in providing security solutions need to be transparent and responsible with their claims.

So let us be very clear, here, from the outset: there is no easy panacea to this problem. There is no single product or service that can be plugged in and means your data is safe. It means companies need to sit up and take this problem seriously at a senior level and not relegate it to a nuts-and-bolts IT services issue.

Don’t expect technology to solve the problem on its own

Firstly, it is vital to recognise how the very nature of globalisation has altered the challenge. Once upon a time, a virus detection programme could easily check IP addresses linked to a PC or server, spot any beginning 85.xxx, recognise that this was going to China, for example, and block the address.

Today, of course, most international companies will be sending and receiving legitimate data packets to and from China daily – suppliers’ details, product data, order information. So modern software has to learn what activity is legitimate and what is not before it begins to run effectively. This is hugely powerful, but the understanding of the process is not always there. Too many organisations, erroneously, think they have this activity covered as soon as they’ve installed the new kit. Just because suspicious activity has not been detected does not mean that it’s not going on.

The very language we use is also a problem. The term “cyber-crime” leads us to forget that the data still starts and ends with a physical machine, and so the physical threat is frequently overlooked. You can have the best technology in the world, but it won’t help if your office cleaners are easily able to smuggle information out of your building on a data stick.

Ultimately, what is needed is a combination of good corporate policy, married to effective technology. Far too often, we see one without the other and, in 2010, this is not good enough.

Four-point plan for practical security

1. Check physical security. Ensure that your technology, facilities management and human resources departments, at the very least, are talking to each other. Any external suppliers with access to your building should be properly vetted.

2. Ensure you have the appropriate technology in place and that it is set up correctly. Software-based anomaly detection, located in the network, coupled with solid firewalls at your data centre end.

3. Link this up with effective policy adherence – rigorous testing, monitoring, recording – such as is demanded by ISO 27001 (BS7799), the Information Security Management System (‘ISMS’).

4. Ensure that policy is in place for follow-through. Detecting and countering an attack is one thing - you need to be able to trace it and build up the chain of evidence so that, should you ever need to take someone to court, there is a proper chain of evidence. This means your IT people need to be trained to log dates and times properly, and your legal department will need to be involved to ensure your policies adhere to privacy laws.

3197 days ago
Clodelio

As long as computer/server is part of a network it's only a matter of time before it can be compromised, the way vendors update their system being used in the enterprise is the same way blackhat do their stuff,e.g. metasploit always get's updated as soon as 0-day exploits are released.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code