Network security breaches highlight need for adjudicator
Network security breaches highlight need for adjudicator
The growing threat to organisations, as evidenced by the recent breaches of banking security through unauthorised SIM swops in South Africa, highlights the need for an independent adjudicator to deal effectively with incidents.
The lack of accountability around the breaches raises the risk of this could happen again according to Major Account Manager at Fortinet, Paul Williams.
Speaking in Johannesburg at the launch of Fortinet's new operating system, FortiOS 5.4, Williams said, "There is no given body that sits in either ICASA or another body or even the department of communication that says we actually need to regulate how financial institutions or even hospitals manage their clients. They don't really have an investigative body that investigates incidents of fraud. There should be a body, even if it is based in the department of justice that asks about what happened in incidents of fraud instead of merely setting down what a bank, for example needs in order to obtain a license."
Williams says the usefulness of investigations into some of the serious cases of network insecurity would be useful especially because the companies affected often refuse to take responsibility because of how this may affect their reputation.
These organisations need to move back to the days of segmented networks in order to not only combat growing threats inside their networks, but also to gain full visibility of these networks he adds.
"We need to monitor all the sensitive traffic so that we spot even those who compromise it on purpose. Although it is not always possible to pinpoint the root of an attack. We need a team of - almost like risk managers - who can ask about what happened, investigate and report back to say to the different organisations 'what are you doing about it?'Those people will also need to have knowledge from a consultancy point of view."
Williams says a local adjudicator in the event of security breaches in both the public and private sectors will also have to consider the wide reach of cyber criminals and work with similar bodies on the continent and in other parts of the world.
John Ward, Systems Engineer, Africa at Fortinet says the growing popularity of IoT worldwide as predicted by information technology research and advisory company Gartner highlights the need enterprises to ensure network visibility in order to ensure greater security on their networks.
Gartner predicts that 6.4 billion connected things will be in use worldwide in 2016, up 30% from 2015, and reach 20.8 billion by 2020.
"Typically when it comes to the internet of things I tend to think SCADA and control and management, those sorts of things. You have to have the ability to create IPS rules to make sure that that a device can only access specific things and switch this and that on because a someone installs a device and no one comes back to check on it for the next twenty years."