An attack typically starts with "reconnaissance", or recon, in which the attacker sniffs out weaknesses in the network in order to install an exploit or toolkit that then works behind the scenes to create a backdoor. Once the backdoor is open, hackers can install a bot, RAT, virus, or worm to cause damage (which could be profit-driven or ideology-driven) to networked resources.
To address external threats, Lee recommended multilayer security measures: "Install firewall, IPS, anti-bot, anti-virus, URL filtering, and threat emulation, a service that takes the file about to be sent or received to a sandboxed environment, and security people can observe its behaviour to determine whether it is safe. This helps identify the behaviour of the file under observation."
Risky enterprise apps are those that bypass security or that hide their identities via anonymisers, said Lee. "They do harm without the user knowing it, e.g. through file-sharing, online storage and via social networks." He further added: "Social media is no longer a game. Today, social media is a real business enabler. It's not a question of whether you should be on Facebook, Twitter or others, but how you can harness Facebook for your benefit."
To counter risky apps, Lee recommended URL filtering, application control, antivirus programs, and endpoint protection to prevent data loss.
The third area of concern relates to data loss incidents, "such as sending email to wrong people, intentionally or otherwise," said Lee. "The types of data loss could be source code, password-protected file, email marked as confidential, and credit card information.
"Again, from the report, 36 percent of financial organisations sent carbon-copy data outside their organisations in the clear. Another area is the use of online storage solution like Dropbox, YouSendIt, or something else, to circumnavigate the limit imposed on email attachment size."
Here, 80 percent of organisations use file storage and sharing apps, without realising the risks.
To prevent data loss, an organisation might consider implementing document security (data encryption), data loss prevention, endpoint protection, application control, and user self-remediation.
When asked by the floor whether organisations were losing the battle to hackers, Lee said that it's an ongoing battle. "Very important is the mindset of the people—everyone should be aware of where the risk is. And when threat happens, react quickly to the threat. Better still, preempt the threat."
In his talk, Garry Sidaway, Director of Security Strategy, Integralis, highlighted that information security is about balancing risks and costs. "To do battle, we need to understand what we need to protect, we need to change the way we embed security, not bolting on the security," he said.