Cybersecurity: Four ways you can keep the hackers away

Source: ZD Net, 18/10/2020

CIOs are under more pressure than ever before when it comes to cybersecurity concerns, especially now that many or even all of the staff in their organisation are working from home, perhaps using unfamiliar software and hardware as they try to do their jobs on lockdown.
The array of devices and applications that they have to take responsibility for has been rapidly expanded by the coronavirus crisis, and criminals have been keen to exploit any organisations thrown off-balance by the rapidly changing circumstances, which means taking a fresh look at what IT security really means. Tech analyst HFS Research recently reported that 56% of enterprises expect to increase their security spending in response to COVID-19.
"The threat landscape changes on a daily basis," says Simon Liste, chief information technology officer at the Pension Protection Fund (PPF). "We've had to shift our approach so that we recognise that information security is not about 'if' you get hit but 'when' you get hit. Understanding that shift in terms of technology, culture and leadership has been hard - and not just for the PPF, but for a lot of organisations."
Liste says he's fortunate to have a strong technical background and, from his previous roles as a technical engineer and analyst, believes he's developed a good understanding of cybersecurity concerns. Here are four areas he believes IT leaders should focus on to create an effective security strategy.
1. Get buy-in from the senior leadership team
Liste says it's crucial the board understands the importance of cybersecurity. "At board level it's on the agenda at all times, especially in the position we find ourselves in right now with COVID-19," he says.
Set up by the Pensions Act 2004, the PPF protects millions of UK people who belong to defined benefit pension schemes. If their employers go bust, and their pension schemes cannot afford to pay what they've promised, the PPF pays compensation for their lost pensions.
"We have a responsibility to our internal colleagues and our external members to make sure that the data we've got is secure," he says. "Because of the role we fulfil as an organisation, we need to protect the intellectual property that we have."
Since joining the PPF in February 2018, Liste has worked with the board to help develop their awareness of cybersecurity threats. The effort has paid off.
"They really get the critical role of information security to our organisation," he says. "And they're continually evolving their understanding, so they know that security isn't just about dealing with external threats."
2. Focus on continually honing your processes
When he became CIO at the PPF, Liste brought the management of cybersecurity back in-house after it had previously been outsourced to an external provider. He was keen to take back control of IT management decisions and he's developed an information security and privacy department.
"We don't just do a standard annual check of our systems; instead, we're constantly evaluating our estates," he says. "Cybersecurity is about trying to keep on the front foot all the time, but it's also about understanding you can't find a silver bullet that sorts everything. That just doesn't happen, so you need an ethos of constantly checking and challenging."
As part of his internal management of cyber-defence systems, Liste has established an information security committee, which helps to coordinate IT security initiatives at the executive level and ensures the value of - and risk to - data is established and recognised.
The organisation adheres to industry best practices, including ISO 27001, which is the international information security standard. The PPF is also looking at the Cyber Essentials Plus information assurance scheme operated by the National Cyber Security Centre.
"What's important is the mechanism around applying the right processes," says Liste. "You need to think about a range of key questions: how can you identify, how can you monitor, how can you manage, how can you recover, and how can you be proactive?"
3. Layer your security partners - and test them, too
Liste says insourcing IT has allowed his team to disaggregate the support model and spread provision across a series of suppliers, which helps to reduce the level of potential risk.
"Don't put all your eggs into one basket," he says. "There's often a debate around cost-appropriate security solutions, but I don't think you can sacrifice costs when it comes to security. It's not a financial decision - it's more around identifying what's absolutely fundamentally critical in terms of the data you need to protect."
Liste says the PPF uses cloud-based, perimeter gateway services and also more traditional enterprise firewalls. He advises other CIOs to try and spread risk at the hardware level and use different providers for different areas of IT infrastructure, such as servers and desktop PCs. He says the PPF's main security partner is a "top-five global specialist".
"A good security partner has intelligence - they can interrogate what's happening on your network, and what traffic's going in and out, but they also know what's going on outside your corporate environment in a place like the dark web," he says.
Liste is impressed with the level of expertise he receives, but he advises other CIOs to take nothing for granted. He refers to his main partner as his "blue team", but he also employs a "red team" of ethical hackers to regularly test the approach his main security partner is taking.
"That's to see if they can break the services and the recommendations that have been made," he says. "We're just trying to layer the way we're protecting people and data, and the interaction between people and data as well."
4. Engage with the rest of the business
Liste has gone to great lengths to strengthen security awareness at the board level and to build security capability within the IT department. Yet he says it's crucial to recognise good security is a whole-organisation effort. When it comes to creating education programmes, he says CIOs should be prepared to lean on the expertise of other functional heads.
"A good collaboration with your learning and development team, your communications team and your training team is absolutely critical," he says. "You need to work with these experts to make sure you're constantly updating and engaging with people and educating them around the evolution of the cybersecurity risk."
Liste says structured internal education and awareness programmes are the best way to teach staff across the organisation about potential risks. But he also says that training development shouldn't stop at the enterprise firewall, particularly as most staff are currently working at home due to social distancing.
"We don't limit our approach to corporate education," says Liste. "We also talk about awareness at home, which is obviously crucial right now, and we talk about the risk of phishing and being aware of the text messages that tempt you to click on links. We say that the secure practices our people apply at work should be carrying on 24/7."