Why Middle East governments still struggle with network security

Despite significant investments into network security solutions, organisations still find themselves vulnerable because they overlook simple yet critical flaws in policies and procedures, says Nicolai Solling of Help AG

Solling: Organisations have recognised the importance of security, and of security standards, but are still falling foul of common flaws or errors.

By Nicolai Solling. Published December 22, 2016

The rise of network security related incidents in recent years has brought the subject into the forefront of IT discussions. Simply put, government entities which can operate flexibly in a secure way, are now better primed to succeed than those which choose to operate without robust security.

Many of the security issues seen in government entities around the region are not due to sophisticated hackers targeting the specific organisation, but simply down to security solutions not being tuned to deal with de-risking and removing threats from the actual environment.

These days, cyber security robustness does not necessarily come from advanced and sophisticated solutions but rather from taking a renewed look at which risks you have and how you can address them. What organisations and governments will find is that simple and cost-effective measures can go a long way! We should not discredit advanced solutions, which are also required, but it is frustrating to see unsophisticated attacks succeed where they could have been prevented.

There is no doubt that over the last five years, IT teams in the Middle East have understood that traditional security simply cannot protect against the complex malware types we are seeing today. In fact, many organisations understand that a product or a solution will not protect you; it is what you do with that product that makes the difference. Because of this, they are spending a lot of money on cyber security technology, and we also see great levels of investment and focus on governance, risk and compliance. This is evident from the increase in the number of businesses successfully securing accreditations such as ISO 27001:2013, and the active role governments in the region are taking to introduce regional security standards. Good examples are the work performed by SAMA, NESA and DESC, whose guidance on what is considered mandatory information security helps us raise the bar for cyber security robustness in the region.

Despite these positive developments, however, there remain critical flaws in frameworks and policies, and this places even organisations that have invested in network security solutions square in the sights of attackers. Among these are:

The users have too many rights! They can install applications outside a governance or validation process, and unfortunately these applications can introduce malware.

Systems are not kept up to date and patched, meaning that malware utilising exploits for vulnerabilities the vendors have already addressed can still infect them successfully.

Organisations allow risky file types and rely on single point products in their critical dataflows such as mail, USB and web browsing. Should anyone really be allowed to receive a file which is compressed at multiple layers and includes a full executable? Today we know that macro-enabled Office documents are the biggest carriers of malware. Why then do we still allow such documents to come into the organisation without stripping the potentially malicious content?
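The two file-type policies described above (executables hidden inside multi-layer archives, and Office documents carrying macros) can be checked at a mail or web gateway with a few dozen lines of code. The following is an added example written for this article, not code from Help AG or from any product mentioned here. It assumes nothing beyond the Python standard library: it walks nested zip archives up to a fixed depth, flags executable extensions, and detects a VBA project inside an OOXML document by looking for the vbaProject.bin part. The sample attachments are constructed in memory so the script runs offline.

```python
import io
import zipfile

# Policy lists for this example (constructed; a real gateway would load them from config).
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".js", ".vbs", ".ps1", ".bat", ".cmd", ".msi", ".hta"}
# OOXML formats are zip containers. The macro-enabled variants (.docm etc.) can carry VBA,
# but a macro-free extension is no guarantee: we check the container, not the name.
OFFICE_EXTS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".xltm", ".pptx", ".pptm", ".potm"}
MAX_DEPTH = 3  # refuse anything compressed at more layers than this


def ext_of(name):
    name = name.lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def office_has_macros(data):
    """A VBA project in an OOXML file is stored as a part named vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def inspect(name, data, depth=0, path=""):
    """Return a list of (path_inside_attachment, reason) findings, recursing into nested archives."""
    full = f"{path}/{name}" if path else name
    findings = []
    ext = ext_of(name)
    if ext in EXECUTABLE_EXTS:
        findings.append((full, "executable"))
    if ext in OFFICE_EXTS:
        if office_has_macros(data):
            findings.append((full, "macro-enabled office document"))
        return findings  # do not treat the document's own zip container as an archive
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            findings.append((full, f"archive nested deeper than {MAX_DEPTH} levels"))
            return findings
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                if info.is_dir():
                    continue
                findings.extend(inspect(info.filename, z.read(info), depth + 1, full))
    return findings


def build_zip(entries):
    """Helper to construct a zip archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for n, d in entries.items():
            z.writestr(n, d)
    return buf.getvalue()


def sample_attachments():
    """Constructed test inputs: a zip-in-zip hiding an executable, a macro document, a clean one."""
    macro_doc = build_zip({"word/document.xml": b"<w:document/>", "word/vbaProject.bin": b"\x00" * 16})
    clean_doc = build_zip({"word/document.xml": b"<w:document/>"})
    inner = build_zip({"setup.exe": b"MZ" + b"\x00" * 64})
    outer = build_zip({"invoice.zip": inner, "notes.txt": b"hello"})
    return {"invoice.zip": outer, "report.docm": macro_doc, "memo.docx": clean_doc}


def evaluate(attachments):
    """Map each attachment name to its findings; an empty list means the policy allows it."""
    return {name: inspect(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, findings in evaluate(sample_attachments()).items():
        print(name, "->", findings or "clean")
```

The check is deliberately based on container contents rather than on the file extension alone, since renaming a .docm to .docx does not remove the VBA part. A gateway would typically quarantine anything with a finding and deliver a macro-stripped copy of the document, which is the "stripping the potentially malicious content" the text refers to.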

Some IT teams are simply too caught up operating their infrastructure and systems to stop for a minute and understand their risks. So while they invest in expensive boxes, they may not take the necessary effort to ensure the systems are actually addressing the issues.

Finally, the most dominant issue is that organisations very often fail to listen to the events that their systems are generating. An alert from a firewall, a log from a web proxy, behaviour in a DNS request or file activity on a client machine can all be early indicators of an attack. Even when event management is happening, it is very often only done during working hours, whereas attackers work around the clock. Therefore, your security operations should do the same! If you cannot do that due to resource constraints, then it is time to get some help. I think only a handful of organisations in the region can secure the correct budget and competence to operate their own security event monitoring, and therefore leveraging managed security services is extremely appealing.
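To make the "listen to your events" point concrete, here is an added example (not from the article or from Help AG) of the simplest form of that listening: normalising events from a firewall, a web proxy and a DNS resolver, then escalating a host when two or more of those sources corroborate each other inside a ten-minute window. The log format, the indicator rules and the office-hours boundaries (08:00 to 18:00, Monday to Friday) are assumptions for this example, and the five log lines are constructed; the timestamps are chosen so that the suspicious activity falls outside working hours, which is exactly the gap the text describes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalised to: timestamp source key=value ...
# 203.0.113.0/24 is a documentation address range, not a real destination.
SAMPLE_EVENTS = """\
2016-12-21T23:41:02 firewall host=ws-017 action=deny dst=203.0.113.9:4444
2016-12-21T23:41:30 proxy host=ws-017 url=http://203.0.113.9/update.bin status=200
2016-12-21T23:42:05 dns host=ws-017 query=xk3j9qz.example.net rcode=NXDOMAIN
2016-12-21T09:15:00 proxy host=ws-042 url=https://intranet.example.net/ status=200
2016-12-21T23:50:11 dns host=ws-042 query=mail.example.net rcode=NOERROR
"""

WORK_START, WORK_END = 8, 18          # assumed office hours (24h clock)
WINDOW = timedelta(minutes=10)        # corroboration window per host


def parse_line(line):
    """Split 'timestamp source k=v k=v' into a dict."""
    ts, source, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return {"ts": datetime.fromisoformat(ts), "source": source, **fields}


def indicator(ev):
    """Return a human-readable reason if the event is an early indicator, else None."""
    if ev["source"] == "firewall" and ev.get("action") == "deny":
        return "outbound connection blocked by firewall"
    if ev["source"] == "proxy" and ev.get("url", "").lower().endswith((".exe", ".bin", ".dll")):
        return "executable download via proxy"
    if ev["source"] == "dns" and ev.get("rcode") == "NXDOMAIN":
        return "NXDOMAIN response (possible algorithmically generated domain)"
    return None


def after_hours(ts):
    """True when nobody is watching the console under a working-hours-only model."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)


def correlate(log_text):
    """Escalate hosts where >= 2 distinct sources raise indicators within WINDOW."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    by_host = defaultdict(list)
    for ev in events:
        reason = indicator(ev)
        if reason:
            by_host[ev["host"]].append((ev["ts"], ev["source"], reason))

    escalations = {}
    for host, hits in by_host.items():
        # slide the window along this host's indicators, oldest first
        for i, (start, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - start <= WINDOW]
            sources = {h[1] for h in in_window}
            if len(sources) >= 2:
                escalations[host] = {
                    "first_seen": start,
                    "sources": sorted(sources),
                    "reasons": [h[2] for h in in_window],
                    "after_hours": after_hours(start),
                }
                break
    return escalations


if __name__ == "__main__":
    for host, detail in correlate(SAMPLE_EVENTS).items():
        when = "outside" if detail["after_hours"] else "during"
        print(f"{host}: {len(detail['reasons'])} indicators from {detail['sources']}, "
              f"first seen {detail['first_seen']} ({when} working hours)")
```

Run as written, the script escalates only ws-017 (all three sources within two minutes, just before midnight) and leaves ws-042 alone despite its own late-night DNS query, which resolved normally. The after_hours flag is the operational point: an escalation raised at 23:41 is only useful if someone, in-house or a managed service, is there to act on it.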

The ingenuity of the modern cybercriminal means that not every security risk can be fixed by tending to these glaring concerns, but these have proved to be the reasons behind the most common attacks we have witnessed in the region. Worse still, it is often unsophisticated attacks that result in data breaches, simply because basic precautions haven’t been taken.

Other factors impacting network security

Besides the glaringly obvious, though often overlooked, network security shortcomings that organisations fall victim to, there are a number of threats brought on by new technologies and usage behaviours. Among these are the vulnerabilities introduced by endpoint devices. There are a number of integration points between endpoints and other security elements of the infrastructure. In fact, what we are seeing right now is a race for the endpoint as this is the place where IT teams will be able to understand what actually is happening — traffic will be in clear text in memory and a lot of the inherent issues in performing prevention on the network layer are not present.

The integration between the endpoint and the network security devices is actually the secret sauce, as no system can stand on its own. Understanding how open a platform is, and how you can integrate forensics, reporting and automated response, is how you create a real security ecosystem.

Another concern is that even today, we have security vendors which think that they can provide the whole security ecosystem, and therefore create proprietary integration points in their solutions. With the complexity of attacks that we now see, open interfaces and the seamless integration of products is essential as tackling new threats calls for best-in-class point products that work together.

Finally, to truly secure their networks, IT teams must grow beyond their reliance on solutions alone. The advancement of cyber threats means that to stay protected, you need to develop and maintain a holistic security program wherein technology, products, systems, procedures, processes, policies and people are all taken into account. Such programs can be extremely challenging for many organisations, and they should therefore ask themselves if outsourcing parts of these programs to a trusted IT security partner could be the correct solution.

In the end, every organisation needs to understand that the economy of cybercrime is such that if you made it difficult for the hackers, they will most likely go somewhere else!

Nicolai Solling is Chief Technology Officer at Help AG.
