Yolande Byrd, FACTS Consulting

Security analyst and host of the Risky Business security podcast, Patrick Gray, said cyber espionage “isn’t going anywhere, and is leading to a trend for organisations to attack back”. Gray said he expects to see growth in the importance of post-compromise analysis as a result.

He noted that social engineering, weak passwords and fallible authentication systems are easy ways into organisations’ networks.

“We are pretty close to a situation where banks have to ship pre-keyed, low-cost tablets to customers to secure their online banking,” he said.

DATA KEY TO CUTTING FRAUD

Marinus van Aswegen, Telic Consulting

Yolandé Byrd, director of FACTS Consulting, said five years ago, the biggest fraud losses were due to financial statement fraud. Today, corruption is the biggest fraud threat, with 41% of fraud cases detected by informal tip-offs, and not by formal mechanisms within the organisation itself. Only 1.1% of fraud is detected by IT controls.

“Simply put, the statistics show that companies are not doing enough.” Byrd said data allows a company to make better sense of the problems within its organisation.

According to Byrd, a survey of individuals working in organisations that are effectively reducing fraud found the effective use of data and data analytics is key to fraud prevention.

TIME TO RETHINK STRATEGIES

It is time for enterprises to rethink their defence strategies, said security architect and founder of Telic Consulting, Marinus van Aswegen. Effective security boils down to “keeping the bad guys out and far away”, but this is not done overnight, or without inevitable holes, he noted.

<a href=

Danny Myburgh, Cyanre" />“There are just so many layers that we cannot always understand all the levels [of threats], and so, despite our best efforts and resources, we are actually losing.”

He said there are eight factors enterprises should bear in mind when reviewing defence strategy:
1. Define your own strategies.
2. Learn from others, find what works for you.
3. Embrace change.
4. Articulate your goals/objectives.
5. Accept that you may fail, and plan accordingly.
6. Without intelligence and visibility, you cannot change tactics/strategies.
7. Understand the strengths and weaknesses of your strategies.
8. There will be unintended consequences.

LOCAL CYBER ESPIONAGE ON THE INCREASE

<a href=

Dominic White, SensePost" />Danny Myburgh, MD of IT forensic specialist Cyanre, says Cyanre is seeing a marked increase in local industrial espionage. “In the past eight months, we’ve seen a sudden increase in the number of local individuals and organisations targeting local companies for industrial espionage. The spyware in use is very sophisticated and appears to focus on company communications, including e-mail communications, Internet usage and online chat.” The main targets for this spyware, Myburgh said, are senior management, finance departments, R&D and sales. “In around 75% of cases we investigate, we find there was inside involvement – usually deliberate. Social engineering is used to a lesser degree, and we are also seeing spyware being mailed in, embedded in pdf files.”

BASING CYBER SECURITY ON PHYSICAL SECURITY PRINCIPLES

Physical security can provide a number of guidelines when establishing an information security model, said Johann van der Merwe, global head of information security at De Beers.

Johann van der Merwe, De Beers

Lessons that role-players in information security can take from physical security:
• Know exactly who your enemy is and what their objectives are.
• Ask questions to understand how big the problem really is.
• Understand the effectiveness of your controls.
• Expect the human element to fail.
• Technology can give a sense of comfort that is detrimental to a security model.
• Recognise the importance of having a strong leader in place.
• Companies can only be successful if they have all their multidisciplinary teams
working together.
• All systems must be on par.

UNDERSTAND THE BAD GUYS

Security expert Dominic White, CTO of SensePost and member of the ITWeb Security Summit technical advisory committee, said offence-oriented defence has become key in the battle against cyber crime.

“Accepting that nothing is 100% impenetrable, it has become more important to understand what cyber criminals are doing, in order to protect networks,” he said.

“It’s clear that right now, companies are suffering breaches from ‘bad guys’, who aren’t necessarily using new techniques. It is important to understand what they are actually doing, by analysing what exactly takes place after the initial breach. We want to understand them better, get under their skins and look at their techniques, motivation and targets.”