You can't protect what you don't know


You can't protect what you don't know: this old(ish) cyber security maxim profoundly illustrates one of the biggest problems facing cyber security professionals today – how can I defend my organisation from attackers when I don’t even know what my cyber estate looks like? The traditional cyber perimeter is evolving so fast that most organisations struggle to determine where exactly their critical information assets reside, let alone put in place effective controls to ensure that business-critical information and systems are secure. For the purposes of this article, I am going to focus on an area that most IT managers and Information Security professionals struggle with, namely, continuous visibility of cyber assets and the management of vulnerabilities thereon.

Using your physical offices as an analogy, do you have a programme or service in place to ensure that all your physical security measures are “on” and working optimally? Do you regularly test your alarm system and electric fence? Do you have 24/7 security patrolling your perimeter to ensure that no intruders have breached your security, and do you have access control to ensure only “known” entities are allowed to enter your premises? Do you routinely check that a hole has not been cut in your border fence and, once aware of this vulnerability, do you not tend to it immediately? South Africans are acutely aware of the need for proper physical security, but why do we not treat our cyber security with the same degree of gravitas? Regardless of what business we are in, the vast majority of our IP and other critical business information resides on IT infrastructure or is contained within applications. So surely the threat posed by cyber criminals is now greater (and potentially more costly) than that posed by physical criminals? There are also now multiple examples of the damage a single cyber breach can do to a company, and Equifax is a good example of how a 120-year-old organisation may potentially shut its doors after a single breach.

So what practical measures can we put in place to ensure that we at least have visibility of our cyber estate, as well as whether there are any critical vulnerabilities that need to be addressed? 

Camargue Underwriting Managers has partnered with Magix to offer vulnerability and web application assessments when a new cyber liability policy is placed. This means that within a couple of hours, we are able to provide a report that shows what assets are “live” and connected to the internet, how vulnerable those systems are to attack (graded in terms of severity), and most importantly, how to remediate those vulnerabilities in the most effective manner. And with 75% of hacks happening at the application layer, we are also able to provide the exact same assessment on business-critical web applications like websites, client portals or e-commerce sites. And whilst this is by no means the be-all and end-all of your cyber security practice, it does go a long way to providing the visibility required to better protect your cyber estate.
