Biggest IT security threats in South Africa

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,693
how does their title prevent them from doing something idiotic.
It doesn't. If your CEO and CFO are not correctly educated and trained to deal with the risk correctly, then the information security officer has work to do.

In some cases, especially organized espionage, your future, and the company's future, depends on you being able to convince the CEO and CFO how dangerous the risk is and how to manage it. My personal experience is that in many cases, neither users nor IT are sufficiently prepared for modern attacks. Especially when the attack includes more than 7 layers.
 

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,342
It doesn't. If your CEO and CFO are not correctly educated and trained to deal with the risk correctly, then the information security officer has work to do.

In some cases, especially organized espionage, your future, and the company's future, depends on you being able to convince the CEO and CFO how dangerous the risk is and how to manage it. My personal experience is that in many cases, neither users nor IT are sufficiently prepared for modern attacks. Especially when the attack includes more than 7 layers.
At one organisation where we did a social engineering campaign, a user found the USB drive that we had placed at their organisation. That user gave it to the IT manager, which was the correct thing to do, but the IT manager decided to plug it into his PC and run the file. We moved from a potential low-privileged account to a highly privileged one. Too many IT personnel think they are forensic analysts and cyber incident handlers as well.
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,693
At one organisation where we did a social engineering campaign, a user found the USB drive that we had placed at their organisation. That user gave it to the IT manager, which was the correct thing to do, but the IT manager decided to plug it into his PC and run the file. We moved from a potential low-privileged account to a highly privileged one. Too many IT personnel think they are forensic analysts and cyber incident handlers as well.
This is something I had to learn I had the Dunning-Kruger effect with. Since I had known IT for so long, I never could have imagined the organization and sophistication when attacks come on every layer and through every channel. Another hard thing to do is even explain how hectic this is without the person experiencing it.

To too many in IT, a phishing attack is just an easy-to-spot fraudulent email. It's not an organized APT with an ops playbook corrupting your sysadmin.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
39,038
Immediate grounds for TERMINATION of employee service
Just hit the door running and never come back
Applies to opening "strange" emails as well
Yeah, that's not going to happen unless you've demonstrated negligence - i.e. you provide training and clear guidelines. Even then there are rules to follow.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
39,038
It would be tricky... So long as that personal use doesn't breach the company network and doesn't impact the work of the employee it would be difficult to sell that to the ccma.
Well it wouldn't have to breach anything, if that's clear company policy, then it's company policy and disobeying that could result in termination if the rules are clear. Unauthorized equipment can have devastating effects. I've stumbled upon many an open WiFi access point at businesses including auditors. One of those businesses had their payroll accessible on a machine with the entire drive shared without password protection.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
39,038
This is something I had to learn I had the Dunning-Kruger effect with. Since I had known IT for so long, I never could have imagined the organization and sophistication when attacks come on every layer and through every channel. Another hard thing to do is even explain how hectic this is without the person experiencing it.

To too many in IT, a phishing attack is just an easy-to-spot fraudulent email. It's not an organized APT with an ops playbook corrupting your sysadmin.
Talking about layers - the number of sysadmins who simply forget most layers in their system is staggering. All they're concerned about is the technical and visible stuff (including software). It's becoming more important to learn to hack your own system or hire someone to pen test it. You have to be proactive and think like a black hat to properly secure it.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
39,038
At one organisation where we did a social engineering campaign, a user found the USB drive that we had placed at their organisation. That user gave it to the IT manager, which was the correct thing to do, but the IT manager decided to plug it into his PC and run the file. We moved from a potential low-privileged account to a highly privileged one. Too many IT personnel think they are forensic analysts and cyber incident handlers as well.
Yeah, "clicking" or "running" crap should happen in a sandbox. That's 101.
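The USB-drop story above (a found drive handed to IT, then plugged in and run on the IT manager's own PC) is exactly the kind of event a SOC can catch after the fact if endpoint telemetry is in place. The following is an added example, not code from the thread or from any of the posters: a small detector that correlates removable-media mount events with process creation from that drive on the same host within a short window. The event format, the "RemovableMediaMounted" event type, the hostnames, usernames and file paths are all constructed for the example; real Sysmon or EDR output would need to be mapped onto these fields first.

```python
"""Flag programs executed from freshly mounted removable media.

Added example for this thread. Event records below are constructed
(hypothetical hosts, users, drive letters and file names), modelled loosely
on Sysmon Event ID 1 (ProcessCreate) plus a hypothetical mount event.
"""
from datetime import datetime, timedelta

# Constructed sample telemetry: one removable-media mount on the IT manager's
# PC followed by a process launched from that drive, a benign process launch,
# and an execution from D: on another host for which no mount event exists.
SAMPLE_EVENTS = [
    {"ts": "2024-05-02T09:14:03", "type": "RemovableMediaMounted",
     "host": "ITMGR-PC", "drive": "E:"},
    {"ts": "2024-05-02T09:14:41", "type": "ProcessCreate", "host": "ITMGR-PC",
     "image": "E:\\Payroll_Q1.pdf.exe", "parent": "C:\\Windows\\explorer.exe",
     "user": "CORP\\itmanager"},
    {"ts": "2024-05-02T09:20:10", "type": "ProcessCreate", "host": "ITMGR-PC",
     "image": "C:\\Program Files\\Notepad++\\notepad++.exe",
     "parent": "C:\\Windows\\explorer.exe", "user": "CORP\\itmanager"},
    {"ts": "2024-05-02T10:02:00", "type": "ProcessCreate", "host": "WS-017",
     "image": "D:\\setup.exe", "parent": "C:\\Windows\\explorer.exe",
     "user": "CORP\\alice"},
]

# How long after a mount an execution from that drive is still considered
# "plugged in and run". Chosen for the example; tune to your environment.
DEFAULT_WINDOW = timedelta(minutes=10)


def detect_removable_exec(events, window=DEFAULT_WINDOW):
    """Return one alert per ProcessCreate whose image lives on a drive that
    was mounted as removable media on the same host within `window` before.

    Executions from a drive letter with no preceding mount event are not
    flagged: without the mount telemetry the detector cannot tell a fixed
    disk from removable media, which is the caveat this example illustrates.
    """
    mounts = {}   # (host, drive letter) -> list of mount timestamps
    alerts = []
    # ISO-8601 timestamps of identical format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "RemovableMediaMounted":
            key = (ev["host"], ev["drive"].upper())
            mounts.setdefault(key, []).append(ts)
        elif ev["type"] == "ProcessCreate":
            drive = ev["image"][:2].upper()          # e.g. "E:"
            for mount_ts in mounts.get((ev["host"], drive), []):
                if timedelta(0) <= ts - mount_ts <= window:
                    alerts.append({
                        "host": ev["host"],
                        "user": ev["user"],
                        "image": ev["image"],
                        "seconds_after_mount": int((ts - mount_ts).total_seconds()),
                        "rule": "execution-from-removable-media",
                    })
                    break
    return alerts


if __name__ == "__main__":
    for alert in detect_removable_exec(SAMPLE_EVENTS):
        print(alert)
```

The D:\setup.exe launch on WS-017 is deliberately left unflagged: a rule like this is only as good as the mount telemetry feeding it, so the usual follow-up is to confirm that the removable-storage audit policy or the EDR's device events are actually being shipped from every endpoint before trusting the absence of alerts.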
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
39,038
It doesn't. If your CEO and CFO are not correctly educated and trained to deal with the risk correctly, then the information security officer has work to do.

In some cases, especially organized espionage, your future, and the company's future, depends on you being able to convince the CEO and CFO how dangerous the risk is and how to manage it. My personal experience is that in many cases, neither users nor IT are sufficiently prepared for modern attacks. Especially when the attack includes more than 7 layers.
That's just it. If you become a target by even a mildly sophisticated outfit, most businesses today will have a hard time keeping them at bay. That's why it's important to hire infosec experts - outsource if you have to, but DO include it in your budget.
 

access

Executive Member
Joined
Mar 17, 2009
Messages
9,034
Do I need to point out the obvious?

Think you missed the point here: labeling isn't fixing the problem. Which is pretty much (I am sure) what ghoti was pointing out.
It doesn't. If your CEO and CFO are not correctly educated and trained to deal with the risk correctly, then the information security officer has work to do.

In some cases, especially organized espionage, your future, and the company's future, depends on you being able to convince the CEO and CFO how dangerous the risk is and how to manage it. My personal experience is that in many cases, neither users nor IT are sufficiently prepared for modern attacks. Especially when the attack includes more than 7 layers.
who said 'labeling' is an attempt to fix a problem?

more than 7 layers, i assume you mean a user, which is what was pointed at.

way too serious, stating the obvious. it was made in jest in response to the headline. we have a lot of stubborn users in south africa and companies need to be way more strict with cyber security enforcement. people get away with a lot here.
 

ekske1

Executive Member
Joined
Apr 22, 2017
Messages
5,073
who said 'labeling' is an attempt to fix a problem?

more than 7 layers, i assume you mean a user, which is what was pointed at.

way too serious, stating the obvious. it was made in jest in response to the headline. we have a lot of stubborn users in south africa and companies need to be way more strict with cyber security enforcement. people get away with a lot here.
I'm not going to argue for argument's sake. Point is... just calling people stupid without addressing the issue is dumb.
 

access

Executive Member
Joined
Mar 17, 2009
Messages
9,034
I'm not going to argue for argument's sake. Point is... just calling people stupid without addressing the issue is dumb.
you already have.

the comment was not meant to address the issue. would it have been better if I'd said 1D10T... it's a joke, it exists.
 