Dimension Data (DiData) Tuesday, together with two of its suppliers — Cisco and Baltimore Technologies — urged companies to adopt draconian security measures at a presentation entitled “Hackers Defeated.”
Gary Middleton of DiData said that business in South Africa lost in excess of R300 million last year, quoting an article from the Mail and Guardian. Following this announcement, the speakers went on to paint a grim picture of the state of security in South Africa.
Eighty-two percent of attacks come from within an organization, said Arnaud Beaumesnil from Cisco, originating with disgruntled employees, temporary and contract staff or even business partners. These attacks may result in loss of credibility or intellectual capital and often leads to downtime — he estimated the cost of downtime for Cisco at US$182,640 per hour. Damage to credibility and theft of intellectual property are harder to quantify.
Therefore, he said, a company must permanently monitor and control its network. Youve built the walls between you and the outside, he said, now police inside the compound. He suggested frequent vulnerability assessment checks, instituting a strict hierarchy of privileges (including web and email) and “social engineering.”
Social engineering, in Beaumesnil’s opinion, means changing management and employee culture. Management must adopt a culture of denying employees everything unless it is essential and the employee has demonstrated trustworthiness. Employees, on the other hand, must be taught to authenticate everything, e.g. calls from the “insurance company.”
Baltimore speaker, David York, added to Beaumesnil’s comments by discussing the importance of monitoring employee’s email and Web-usage habits. Hacking and cracking aren’t the only threats, he said: companies face litigation if an employee forwards racially or sexually offensive material, for example. And companies have a stake in ensuring that employees use their Internet facilities for work-related purposes, not productivity-reducing personal use.