It’s common knowledge that the war against cyber crime is not being won, and that the security industry is playing a catch-up game at best. In fact, it is many security professionals’ assertion that we cannot keep threats out of our networks, and thus we need to focus on containment and mitigation only.
Lutz Blaeser, MD of Intact Security, believes relinquishing importance on prevention is a bad idea, and equates to surrendering the cyber war. “In the info security world, however, we are definitely seeing a move towards network security, governance and vulnerability management.”
He says some success is being seen in terms of protecting networks and data, but improvements are needed. “Even as we work towards better security, and more advanced tools, hackers are coming up with more sophisticated and cunning weapons with which to bypass them.”
Moreover, he says in conjunction with the growing threat from outside entities, we are dealing with an increased threat from within, that of shadow IT. Shadow IT is a term used to describe tech systems and solutions that were created and applied within organisations, without their approval.
“It usually starts when a department within the business feels hampered by what they see as the technical department’s failure to provide them with what they think they need, and they go off and create their own solution, without technical’s knowledge. IT will only become aware of this once a technical issue occurs, or when integration with other application within the enterprise is needed. As you can imagine, this causes many headaches for the technical team.”
According to Blaeser, the buck ultimately stops with the IT department, whether this is fair or not. However, in the event of a security incident, IT will have to deal with the CEO, regardless of who may be at fault. “The challenge, of course, is how to find and secure all these shadow IT applications within the enterprise.”
Understandably, few technical departments have the resources to handle the multiple requests that all these applications and users would generate, but a plan needs to be made, as the fallout should a breach occur due to shadow IT could be catastrophic, he states. While there is no silver bullet to fight the shadow IT problem, there are several measures IT can take to minimise the problem and identify any problems before they become a major threat.
Firstly, he advises to monitor outbound traffic, as this is the best way to ensure you know what is going on inside your company. “Firewalls focus on incoming traffic, but can be configured to keep logs on outgoing traffic too, and once you know where the traffic is going, you are better placed to pinpoint any applications you were unaware existed. Moreover, once you are better aware of outgoing traffic, you are better able to control it.”
In addition, he says user education is vital. “Most employees have a vague idea of the risks, but are quite happy to ignore them. Others are completely ignorant, and have no understanding of the situation. Educate your staff on security in general, and make shadow IT a part of that discussion. Do not leave executives out of this training and education. Once C-level executives are aware of the dangers of shadow IT and the potential fallout it could cause, they are far more likely to come on board and help control the problem.”
