Enterprises 'forgetting' security basics
Traditional lessons in information security being forgotten, says SafeNet
Middle Eastern enterprises are forgetting to master the basics when it comes to protecting themselves against security threats, according to SafeNet's regional sales director, Sebastien Pavie.
As the cloud has exploded across the IT landscape, companies are now allowing employees to access data via unsecured devices, which flies in the face of one of the fundamental basics of information security, Pavie said.
"In the late 1990s and early 2000s, we all accepted we needed anti-virus and content filtering. However, in the mid-2000s, the cloud exploded and the way we interact with and access data changed," he told ITP.net.
"Now, most companies are accessing data from different places and mediums with no anti-virus, control and detection mechanisms."
Because of this, hackers view many enterprises as "easy pickings", Pavie said. As a result, many cyber-criminals are conducting the same attacks that they have traditionally employed, but using different tools to cater to these unsecure devices, he explained.
Another basic security process that regional enterprises are forgoing is encryption, according to Pavie. He said that, despite high-profile data breaches taking place in the region, organisations have still not taken the necessary precaution to encrypt their data - a process that deters attackers even in the event of a data breach.
"We have heard countless stories over the past year of devastating attacks and data breaches, yet if this data had been encrypted in the first place then all hackers would have found is scrambled information, rendering the theft pointless," Pavie said.
"The problem is too many companies shy away from encryption due to fear that it will be either too expensive or complicated, however the reality is that it doesn't have to be either."