Phillips Consulting’s Guide to Avoiding Security Complexities

Many years ago, the firewall was everything. Defence-in-depth was a concept defined as layered defence with multiple firewalls on the path.

Behind the firewall was a fortress. Organisations designed networks with strong perimeters and demilitarised zones to ensure the crown jewels were well-protected. Attackers had a difficult time trying to break into the firewalls.

On the physical layer, Network Admission Control (NAC) technologies were implemented to prevent intruders from having direct access into the network by preventing them from plugging unauthorised devices into the network. Before a device was admitted, it had to meet a minimum requirement defined by the organisation.

Those years are gone and maybe gone forever. Cloud computing, Bring Your Own Device (BYOD), Artificial Intelligence, Internet of Things (IoT), VPNs and Remote Working Capabilities have dramatically changed the way businesses run.

These technologies have introduced a level of innovation and disruption that was unimaginable only a few years ago. They have resulted in the collapse of the traditional network perimeter, thereby increasing the attack surface for cyber-attacks.

Enterprise network coverage is today being extended beyond our imagination – outside the traditional datacentres to smartphones, cloud platforms, mobile computers and IoT interfaces without geographical boundaries.

The bad guys now have a plethora of interfaces to launch their attacks on; they no longer have to physically breach the network using traditional social engineering tactics.

The recent changes in the work environment occasioned by COVID-19 have further amplified the extension of network boundaries beyond the traditional datacentres.

Employees work from home with devices and connections into the enterprise networks that were not originally designed for such. Improvised connections were made to allow functionality because the pandemic came without an announcement.

The danger this poses is that some of these end devices were not originally designed with security in mind. Even where security was a consideration, it was not so much for enterprise data protection. These devices are most of the time not hardened, and their owners may not understand the effects on the overall organisational security posture.

A handful of these devices are installed with default passwords, and most times, these passwords are not changed during or after installation. So, it is easy to guess the password by manual methods or using advanced dictionary or brute force attack methods.

Another risk posed by these endpoints is the lack of security updates and patches. Because they are sometimes not seen to be part of the enterprise network, they are not included in the patch management programme, and their presence introduces high-level vulnerabilities within the enterprise network.

It then becomes easier to utilise malware that could tunnel through the firewall to breach the enterprise network, instead of spending months and years trying to break into the firewall or layers of firewalls.

In recent years, large-scale attacks have been launched using malware by exploiting known vulnerabilities and security gaps on endpoints.

For example, WannaCry, Petya and NotPetya, another variant of Petya, were employed to launch attacks on enterprise networks through vulnerable endpoints. Another danger with this trend is potential data leakage because these devices are used to either temporarily or permanently store organisational data.

There is also concern about device loss. If these devices are lost, there is a risk of exposing the organisation’s data to unauthorised entities, and that could result in both financial and reputational damage.

These dangers are also expanded by the impact of the COVID-19 pandemic, where organisations made ad-hoc improvisations to support businesses while employees work from home.

As commerce resumes, organisations are beginning to discover some capabilities to support their businesses remotely, and they are also rethinking their business continuity strategies.

For some businesses, this is not just a temporary shift, but a change which has permanently altered the operational procedures of the organisation.

Legacy cybersecurity strategies, techniques and investments will not be enough to mitigate the rising cybersecurity concerns introduced by this new way of working. Protection has gone beyond throwing in uncoordinated technical solutions and efforts.

Organisations need to rethink their approach to protecting their assets within the ever-growing complexity, both to remain afloat and to derive commensurate Returns On Security Investments (ROSI). A well-crafted strategy will ensure that cybersecurity efforts are coordinated within the enterprise, without duplication of efforts and resources, which will, in turn, drive down the cost of implementing cybersecurity initiatives.

To improve security posture, organisations must do the following:

  1. Continuously monitor the devices, applications, and processes running on the network.
  2. Automate security monitoring and mitigation.
  3. Implement systems that are capable of automatic detection, isolation and containment of threats within the network.
  4. Ensure that monitoring covers event data, session data, and historical data on endpoint usages, such as past processes, network connections, and other information.
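
One way to start on the monitoring steps above, and to catch the endpoints described earlier as falling outside the patch management programme, is to reconcile devices seen in remote-access sessions against the patch inventory. This is an added example, not part of the original article; the log format, device names, inventory columns and the 45-day threshold are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the article): a remote-access session log
# and an export from a patch-management inventory.
SESSIONS = """\
2021-10-04T08:12:03Z user=aokoro device=LT-0142 src=10.8.0.14
2021-10-04T08:15:40Z user=bmusa device=HOME-PC-7 src=10.8.0.22
2021-10-04T09:01:11Z user=cnwosu device=LT-0177 src=10.8.0.31
2021-10-05T07:58:29Z user=bmusa device=HOME-PC-7 src=10.8.0.22
2021-10-05T08:30:02Z user=dadeyemi device=IPCAM-3 src=10.8.0.40
"""
INVENTORY = """\
device,last_patched
LT-0142,2021-09-28
LT-0177,2021-06-15
SRV-0009,2021-09-30
"""
MAX_PATCH_AGE_DAYS = 45  # assumed policy threshold


def parse_sessions(text):
    """Return {device: set of users} from key=value session lines."""
    seen = {}
    for line in text.splitlines():
        fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
        if "device" in fields:
            seen.setdefault(fields["device"], set()).add(fields.get("user", "?"))
    return seen


def audit(sessions_text, inventory_text, today):
    """Classify every device seen on the network against the inventory."""
    patched = {row["device"]: date.fromisoformat(row["last_patched"])
               for row in csv.DictReader(io.StringIO(inventory_text))}
    findings = {"unmanaged": [], "stale": [], "ok": []}
    for device, users in sorted(parse_sessions(sessions_text).items()):
        entry = (device, sorted(users))
        if device not in patched:
            # Connects to the enterprise network but nobody patches it.
            findings["unmanaged"].append(entry)
        elif (today - patched[device]).days > MAX_PATCH_AGE_DAYS:
            findings["stale"].append(entry)
        else:
            findings["ok"].append(entry)
    return findings
```

Running `audit(SESSIONS, INVENTORY, date(2021, 10, 11))` on the sample data lists the home PC and the camera as unmanaged, together with the users to contact about them.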

Another measure organisations should take is reducing complexities. The extension of the network boundaries has not stopped organisations from using existing network solutions to protect the enterprise network.

However, in a bid to protect both the on-premise infrastructure and the infrastructure beyond the organisation's traditional network boundaries, organisations combine existing technologies with new solutions, and the resultant effect is an increase in complexity.

To effectively manage security, organisations should put measures in place to reduce complexity and enhance visibility. This can be achieved by unifying all efforts and technologies for managing both on-premise and off-premise infrastructure in a single platform. Beyond technical controls, organisations should develop procedures, standards, and policies for acceptable use of organisational resources.

MTN Nigeria Blames System Error for October 9 Outage

By Adedapo Adesanya

MTN Nigeria has apologised to its subscribers, blaming the network outage experienced on Saturday, October 9 on a system error.

In a video message sent to Business Post on Sunday, the Chief Executive Officer of the company, Mr Karl Toriola, said the downtime was a result of system error from its end and not a result of sabotage as many feared, especially because it occurred a day after Facebook suffered a similar issue.

MTN users had on October 9 experienced hours of network disruption, which affected calls and connections to the internet.

Mr Toriola explained that the technical team traced the cause of the downtime to an error that shifted all 4G customers to the 3G band, overloading it.

“Last Saturday, we had an outage that left our customers without a connection for several hours. On behalf of the entire MTN team, I want to start with a heartfelt apology. We are truly sorry for the disruption this caused for so many in our MTN family,” Mr Toriola said.

“We know that millions of people rely on us to stay connected to their loved ones, to manage their businesses, to coordinate their lives. We take that responsibility and privilege very seriously. That’s why we are putting new measures in place to make sure we never experience anything like last Saturday again.

“Our technical teams have traced the cause of the problem to an error that shifted all our 4G customers onto the 3G band. This overloaded the 3G band, causing a domino effect that impacted the whole network. Our engineers were able to resolve the problem.

“I know that recently other technology companies suffered outages. I want to reassure you that last Saturday’s event is in no way connected to those. This wasn’t [a] sabotage, it was a regrettable error,” the MTN chief added.

He further announced that MTN had refunded customers airtime and data used yesterday in addition to the time-bound subscription extension earlier promised.

He also assured users that MTN was working to ensure that they never experience such challenges with the network again.

“While we work to strengthen our network to prevent further disruptions of any kind, we wanted to find a way to say sorry. Something more than extending the validity of all time-bound plans by 24 hours, which we did as soon as service was restored,” he added.

“So, while we can’t give you back the time you lost last Saturday, we can give you back what you spent yesterday. Every customer on the MTN network has received a refund for the data and airtime that they used between 12 noon and 7 pm yesterday.

“We hope it shows how much we value our customers. You truly are our most important focus.

“We all have challenges, each and everyone, young or old, personally or professionally. What matters is how we respond. With you by our side, we will continue to improve and grow,” Mr Toriola stated.

This newspaper understands that many MTN users were given 1MB of data valid till October 31.

FG Inaugurates Governing Boards to Fast Track Development

By Sodeinde Temidayo David

In a bid to fast track the development of the country as well as overcome science, technology and innovation (STI) challenges, the federal government has inaugurated governing boards and councils of agencies or institutes under the Ministry of Science, Technology and Innovation.

Recall that recently, President Muhammadu Buhari approved the change of name of the Ministry of Science and Technology to STI in a bid to focus on ensuring the provision of STI-based solutions to overcome societal challenges.

On Thursday in Abuja, the Minister of STI, Mr Ogbonnaya Onu, during the inauguration, noted that in spite of the present challenges, his team was determined to break grounds by building a world-class ministry that would be the best in Africa and comparable with the best in the world.

However, he stressed that the team must work together efficiently to achieve this noble goal, as they are now in the path of repositioning and strengthening the Ministry to emphasize the desire to contribute to national development efforts of this administration to lift 100 million people out of poverty within the next decade.

According to Mr Onu, using the enormous power of STI, the focus will be on the development of abundant natural resources as well as the orderly exploitation of huge potentials of people and businesses.

The Minister further noted that the role assigned by the federal government to the ministry as custodian of all the fundamentals of innovations in Nigeria carries enormous responsibilities, coupled with the recent change of name by the ministry.

“The new logo, vision and mission statement, our core values and critical success factors (CSF) would be unveiled very soon. A rebranded Ministry is emerging with implications for the commitment of all stakeholders within the STI ecosystem, especially the members of the various boards and councils of the Ministry.

“I employ you all to be diligent and unrelenting in the new journey to greater heights of service to our nation,” he noted.

The Minister also urged the governing boards and council members to familiarise themselves with the relevant instruments governing the operation and supervision of their respective agencies and institutes.

He stated that the role and responsibilities of governing boards are set out in the relevant government circulars, laws, public service, administrative guidelines regulating the relationship with parastatals and government-owned companies.

In his remarks, Mr Micah Umoh, who represented the Chairman of the Senate Committee on Science, gave assurances of their full support towards achieving the goal of the initiative.

Third Telecom Consumer Initiative Holds October 15

By Sodeinde Temidayo David

The third edition of the Telecom Consumer Town Hall on Radio (TCTHR) will take place on Friday, October 15 2021, at 7:30 am, the Nigerian Communications Commission (NCC) has said.

The telecom consumer initiative will air on the Human Rights Radio, 101.1 FM, Abuja and will focus on the benefits of the National Identification Number to Subscriber Identity Modules (NIN-SIM) integration.

Interested individuals can tune in to listen and participate in the discussion via live streaming on the Human Rights Radio social handles, the telecommunications industry regulator said.

The TCTHR is the modified version of the Consumer Town Hall Meeting, a consumer outreach programme of the Consumer Affairs Bureau of the NCC.

Like its forerunner, the TCTHR is a train that will traverse Nigeria in keeping with management’s commitment to reach and engage every telecom consumer wherever they are.

It could be recalled that two editions of the TCTHR had taken place earlier in Kano and Lagos.

The key purpose of the programme is to create greater awareness on the linking of SIM to NIN and to educate consumers on the benefits and how to achieve NIN-SIM integration, and which consumers can reach the commission.

This initiative has, over the years, made it easy for consumers of telecom services in the country who are dissatisfied with services rendered to them by any of the service providers to file a complaint.

The NCC has insisted on October 31 as the deadline for users to link their NIN to their SIM cards, stressing that those who fail to do this would soon be denied the opportunity of acquiring driving licences and passports.
