Anton Jacobsz, MD of Fortinet distributor, Networks Unlimited, says in South Africa, even large enterprises tend to think that firewalls and anti-virus are enough. "People think firewalls will sort you out, but the reality is that attacks have become far more sophisticated and increasingly common. Now, anyone with a grudge against a particular company can go online and find tools or hackers who will take down that company's site for a few hundred dollars."
Not only is it easy to attack a company's site or network, he says, but the reasons for doing so have become increasingly complex. "It's not just about money," he says. "Attackers might want to put a competitor out of commission, or they may not approve of the work of the organisation, or perhaps they want to take a high profile company's site down simply to prove they can."
Jacobsz says it happens all the time, and in many cases, victims of a Distributed Denial of Service attack don't even know they have had such an attack. "They know their site went down, but they don't know why," he says.
For some companies, losing a site for a few hours or days impacts on customer confidence and brand reputation, with relatively low financial losses. But for others, like online retailers and gaming sites, downtime is a disaster, notes Jacobsz. "Global gaming sites can literally lose millions if their sites go down for an hour or more."
Every organisation stands to lose significantly if attackers penetrate its networks and compromise its systems or data. Jacobsz notes that in many cases, networks have been compromised for some time, but the enterprises are unaware of it.
"No organisation can pre-empt, detect and defend against an advanced threat 100% of the time," says Jacobsz. "But organisations have a better chance of mitigating risk if they approach IT security from a position of continuous 'heightened security resiliency'."
Jacobsz says multi-layered attacks demand a multi-layered security strategy: reduce the surface for unauthorized access; step up threat prevention through advance systems for inspection of traffic and applications; step up threat detection using intelligent tools to search for indicators of anomalies within the network; implement an effective incident response plan and introduce continuous monitoring. "Enterprises need to be aware that the threats are constantly changing - just because perimeter protection prevented an attack once, it does not mean it will do so again. Constantly changing threats demand constantly evolving solutions and strategies," he says.
It is also important to ensure that individuals within the organisation are security-aware, he says. "Around half of malware detections occur as a result of individuals who report them." With staff, a traditionally easy way to breach enterprise defences is by training employees to be aware of suspicious emails and report anomalies in applications. This is crucial, he says.
There is no single solution to protect against all possible attacks, says Jacobsz. "To minimize their risks, enterprises need to sit down with a partner who specialises in the security environment and carefully implement a multi-faceted plan starting with the standards such as firewalls, perimeters; then looking into authentication layers, threat detection, data analysis and more."
