Keeping security threats out of the corporate network
Channel Post spoke to Sebastien Pavie, the Regional Sales Director for MEA at SafeNet, about security threats companies in the region face and how companies can keep these threats at bay
How do you see the Middle Eastern IT security evolving?
Due to the increasing number of connected devices to the cloud, various internal threats, such as data loss or theft, and external threats, such as malware or hackers, can be potential cyber security risk.
Attackers or insiders may search networks for valuable data; find vulnerabilities in the network, then penetrate the network, disable its security, and spread within the network or to other networks and their devices to obtain important data.
Data, networks and clouds are all targets of advanced persistent threats (APTs) where hackers are actively seeking to steal credit card data, personal identifiable information (PII), critical intellectual property (IP), and other legally protected information to retail to the highest bidder.
Impacts include identity theft, business interruption, loss of money and reduction in public trust may increase if data is misused or deleted. For example, post its recent data breach in late 2013, Adobe said hackers had stolen nearly 3 million encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts. According to SafeNet’s Breach Level Index more than 200 million records were stolen in the first quarter of 2014.
What sort of threats do companies and end users in the Middle East face today?
The infrastructure of our cities are connected via ICT in order to enable better control, but this interdependence also increases security risks. Cyber-attacks are becoming more frequent and sophisticated due to the amount of connected devices in the cloud. Denial of Service (DOS) is one of the main cyber-attacks that prevent networks from performing its services that are based in data communication.
A DOS could paralyze a smart city where billing and payment transaction could be hindered in case of a successful DOS attack. Another type of attack is a “Watering Hole”. In such an attack, the cyber-criminal will typically look for a “watering hole” website that is frequented by its target group. They then infiltrate that website and set it up with malware. Data privacy, confidentiality, availability, reliability and integrity will all be impacted negatively if data is compromised.
Government websites and banks as well as financial services organisations will face ongoing attacks, as well as the increase in attacks against Critical Infrastructure using highly sophisticated and targeted malware, like Stuxnet – a threat that was primarily written to target an industrial control system or set of similar systems like power plant or pipeline.
Financial institutions are the top targeted sites in last year’s third quarter. The Middle East has become a hotspot for cybercrime, as evidenced by the high-profile breaches of key energy and government assets that have taken place in recent times, the defacing of government websites by hacktivists, and the ongoing attacks on banks and financial services organisations. As such, IDC expects GCC governments to undertake significant efforts in 2014 to develop or further strengthen their national IT security policies and plans.
With the increased adoption of mobile devices, cloud computing and social media, what sort of advanced security threats are lurking around in cyberspace?
One of the biggest challenges in mobile computing is assuring user privacy and security. Transportability of mobile devices, which continually use increasing amounts of personal information make them vulnerable to identity theft by loss/theft of the device.
When a Mobile Identity system is implemented by EIDA, ensure mobile application can integrate into EIDA authentication services wherever applicable. Today, organisations are under siege, getting hit by a virtually continuous onslaught of attacks at target sensitive corporate information and assets.
Cyber criminals continue to get more sophisticated and have more advanced tools at their disposal, targeting corporations with continuously evolving threats and approaches. Now, the sensitive information on social networks enables an array of social engineering attacks, further exposing organisations.
Consequently, it’s no surprise that in the past year, some of the top brands in financial services, consumer electronics, retail, and even security have been the victims of devastating attacks.
Having a mobile security strategy in place delivers a host of benefits to organisations, enabling them to effectively address the critical authentication challenges they confront. We believe at SafeNet that the three key benefits are:
- Visibility and control. It’s important for organisations to gain the visibility and control they need to consistently and effectively enforce security policies, so they can guard against the risks associated with mobile devices accessing corporate networks.
- Streamlined management. Organisations can leverage a unified console and platform that enables administrators to efficiently manage authentication across use cases, end points, and more.
- Low total cost of ownership. Because it represents a single platform that can manage an enterprise’s authentication, organisations can eliminate the cost and administrative overhead of procuring, deploying, and maintaining multiple authentication management platforms.
Mobile service developing requires strict security measures against potential threats of identity theft and privacy breach. The following are the main specific guidelines that apply to identity management issues:
- Use complex encryption to store and transmit sensitive information. Ensure privacy controls and password operations are easily accessible by the user and are transparent.
- Allow users to change their passwords and provide secure ways to renew forgotten passwords.
How does your company intend to help companies keep security threats at bay?
Customer demands for ease of use and frictionless authentication will continue to drive improvements. Customers’ expectations for seamless trusted authentication and the continued dominance of smart phones and smart devices will accelerate the move from legacy hardware One-Time-Password tokens to mobile friendly, embedded security and contextual access controls.
These methods will rely on security elements built into devices, and leverage device sensors to authenticate users. We can already see early examples in Apple’s iTouch for biometric authentication, and investments by vendors such as Samsung to bake enterprise grade security controls into their KNOX platform.
Adding to that, compliance with data security requirements centers on fully protecting data assets while facilitating secure access by authorized people and entities. While many traditional security methods focus on network perimeter protection (“keeping the bad guys out”), comprehensive data security must also protect information at the asset level (the data itself) against both internal and external threats.
Encryption is the most robust, comprehensive, and cost effective solution for data privacy. Where data is effectively encrypted, it is useless to unauthorized parties, even if all network perimeter protection fails. Only authorized users with the proper credentials can unlock and use the protected data. A comprehensive encryption policy involves four types of technologies that together protect information and access to information at the data asset level: Data in Motion, Data at Rest, Access controls and data integrity controls.
Having said that, without implementing all of these solutions to some degree, it is almost impossible to ensure total protection — and therefore total compliance in today’s complex IT environments.
It’s clear that it’s not a matter of if a data breach will occur, but when, so it’s vital that organisations are taking the correct precautions to ensure that their most sensitive data remains protected. While some of the recent data breaches were not a result of a direct attack on corporate websites, it does highlight the wider implications of data breaches. Many people often use the same password across multiple sites, so the true impact of the any data breach is always likely to be bigger than first anticipated.
It serves as a reminder to all retailers of the threat posed by data breaches. Too many security departments hold on to the past when it comes to their security strategies, focusing on breach prevention rather than securing the data that they are trying so hard to protect. Methods used by cybercriminals are becoming increasingly sophisticated and if they want to hack the system or steal data, then they will find one way or another to do so.
Companies need to focus on what matters most – the data. By utilising technologies such as encryption that render any data useless to an unauthorised party, as well as tamper-proof and robust key management controls, companies can be safe in the knowledge that their data is protected, whether or not a security breach occurs
What sort of channel strategies does your company have in place?
SafeNet’s channel partners – VARs, system integrators, and distributors – play a critical role in our business, providing sales, solution implementation, integration, technical support, and value-added services to our mutual customers.
SafeNet’s channel partner program has been built to offer access to a portfolio of the industry’s most innovative IT security solutions, along with support and benefits specifically designed to match our partners’ business models and business goals. The SafeNet channel partner program includes a broad variety of competitive elements, including generous margins, training programs, innovative sales incentives, and self-service access to tools and materials through our partner portal.
Our partners also receive access to our SafeNet product development teams, and a market-driven philosophy that delivers to our partners and customers ongoing product innovations and new features designed to meet the evolving security needs of the markets we serve.
We are dedicated to backing our partners every step of the way, working together to ensure that our mutual customers receive the most innovative products and solutions, the highest quality support, and a superior customer experience.
What product strategies do you have for the rest of the year?
SafeNet is a leader in crypto-based data protection strategies. Our solutions provide an encryption-centric foundation that makes it possible to attached protection to the data itself.
Safenet’s comprehensive and industry-leading data protection solutions consist of multiple product families that allow companies and governmental institutions to protect and control their high value digital assets, including both software and data. These solutions include:
- Identity protection – A Market leader in strong authentication
- Transaction protection – The Market leader in Hardware Security Modules (HSM)
- Persistent protection and control – Only unified platform that protects data throughout the information lifecycle
- High speed network encryptors – The Market leader with unparalleled portfolio of commercial encryptors
Comments are currently closed.