Policy Management
Tools and technologies are worthless without well-defined security policies. Effective policies balance the imposition of security measures against the productivity gains realized with little security. Centralized policy-management tools that can analyze, interpret, configure, and monitor the state of security policies help consolidate the successful deployment of rational security policies.
A company's network is like any other corporate asset: It is valuable to the success and revenue of that company.
More than ever, the corporate computer network is the most valuable asset of many companies. Therefore, it must be protected. Generally, middle- to large-size companies appoint a chief security officer, whose job is to develop and enforce corporate security policies.
Security experts warn Kenya faces growing cyber threat
SRS was recently asked by the Business Daily magazine to provide insight into the issue of cyber security and its impact on Kenya. One of SRS directors, Jason Finlayson gave some comments on this. Read on below:
Security experts have sounded renewed warning that Kenya stands the risk of becoming one of the world’s major information security hotspots due to the general lack of awareness on existing threats, absence of a dedicated cyber security watchdog and legal framework.
Financial institutions and companies are primary targets as the defence of sensitive data is not being upgraded in tandem with shifting threats.
“As a whole, the current level of cyber security in the country is in immature stage - while there has been some progress over the last year, not enough is being done to secure vital information,” said Jason Finlayson, Director of Operations at Security Risk Solutions.
Mr Finlayson said that the country risked joining South Africa, Nigeria, Cameroun and Ghana as one of the African countries that are quickly becoming as havens for e-criminals.
“With increased fibre connectivity, we can expect the number of opportunistic attacks originating from Kenya to increase exponentially,” said Mr Finlayson.
Following last year’s arrival of high speed internet connectivity through undersea fibre optic links, an increasing number of industry analysts have raised the alarm over the security preparedness of Kenyan companies Financial institutions, mobile service providers and companies that have an online presence have been tagged as prime targets for hackers – malicious programmers who break into computer systems - as the country moves more of its business processes online.
Security analysts say the advent of high speed connectivity will draw the attention of international hackers who were previously put off by time it would have taken to break into local websites. In addition, many companies put themselves at risk due to a lack of awareness of the threat.
Rise in theft
Currently, the biggest security issues facing companies in the country is information theft by employees, who can siphon information from company data banks and pass it on to competitors.Security Risk Solutions said that the last year had seen a rise in syndicated thefts - where employees of banks collude with international hackers to coordinate theft attacks and later share the spoils.
“Alongside credit card fraud, this is the most prevalent theft currently being encountered by local banks,” said Mr Finlayson.
For companies in the financial sector, such employees tend to undertake fraudulent activity such as monetary theft by manipulating data.
“Poor governance by firms and the changing market dynamics have created the need for evolving solutions. Companies need to have a holistic view of their security needs,” said Collin Mamdoo, the chief operating officer of IS Solutions.
Financial institutions and companies are primary targets as the defence of sensitive data is not being upgraded in tandem with shifting threats.
“As a whole, the current level of cyber security in the country is in immature stage - while there has been some progress over the last year, not enough is being done to secure vital information,” said Jason Finlayson, Director of Operations at Security Risk Solutions.
Mr Mamdoo said that many companies were wary of the hefty costs associated with deploying an effective security solution which was leading to more solutions being outsourced.
Confidential information
“There has been a move from companies buying the software to buying service packages that are outsourced. Often, companies can save time, money and talent by using this option,” said Mr Mamdoo.A recent report from Symantec Corp revealed that malicious code activity continued to grow at a record pace throughout 2008, primarily targeting confidential information of computer users.
The report said that cyber criminals were profiting from creating and distributing customised threats that steal confidential information, particularly bank account credentials and credit card data.
“The unfortunate reality is that innocent Web surfers can visit a compromised website and unknowingly place their personal and financial information at risk. Computer users have to be extra vigilant about their security practices,” said Marc Fossi, executive editor, Symantec Internet Security Threat Report XIV.
2010/05/24 - Extracted from the Business Daily Magazine published May 24th 2010
Security News
 |
|
|
|
|
 |
 |
 |
 |
|
The mantra of any good security engineer is: 'Security is a not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together. - |
|
|||
 |
|
|||
 |
 |
|
||
 |
|
|||
Security Risk Solutions Ltd Partners
|
|
|||||
Security Risk Solutions Ltd.