In its annual report dedicated to cyber security, consulting firm EY notes that more than 88% of large companies acknowledge having suffered a computer security incident in 2016. Every year, scandals following computer attacks multiply. Last year alone, there were two large-scale attacks targeting the Internet giant Yahoo and the US Democratic Party. However, all these organizations have a substantial budget for their cybersecurity. Beyond the technical expertise required by these subjects and the lack of human resources trained to understand them, it is necessary to question the causes for the success of these attacks. At the time of the digitization of companies, The widespread image of a protected company as a fortified castle seems no longer appropriate. Yet the cyber security industry sometimes seems to persist in this direction.
Antivirus, firewall or antispyware software, all these products have now made their way onto many computers for home users. In the professional world, few companies do not have them: continuously updated and improved, these products form the technical foundation in charge of the protection of most computers, tablets and other ordiphones. It is important to note that these products, however sophisticated, do not allow to effectively block the most organized attacks. So cyber security Singapore offers particular solutions to these problems.
To understand the origin of these attacks, it is necessary to recall an essential principle: pirates, as gifted as they are, are rather lazy in nature. They will systematically look for the easiest vulnerability to attack. This means that our hacker will not attack the most secure systems, but will try to find a system that has been forgotten in the upgrade process or has disabled some of its security mechanisms. For large groups, it is not uncommon for the Information Systems Directorates (ISDs) to manage more than 300,000 devices. It is therefore realistic to think that some systems are not subject to security controls. Once the foot is placed on the system, the hacker can start to attack the internal network of a company.
Despite apparent complexity, IT security is based on simple principles. One of the most important is the concept of defense in depth. Defense in-depth is defined as a defense strategy of using multiple security techniques to reduce the risk when a particular security component is compromised or malfunctioning. This principle, which is well known by computer security decision-makers, is still being implemented very roughly today.
Indeed, all the protective measures mentioned so far have one thing in common: they focus on the workstations (or endpoints in experts’ jargon). This is called perimeter defense. On these systems, there is a stack of security technologies that, despite their efficiency, offer only minimal security gain compared to their complexity. The most annoying thing is that these products will never participate in establishing an impassable security barrier for a company.
The weak point of this perimeter approach is that once an endpoints barrier is reached, a hacker can freely attack the system and access internal resources within a company. In practice, few security products are currently deployed to secure the core of a company’s network. However, this is where the private data that a pirate wants to reach is stored. There are a few exceptions (such as corporate firewalls) but they seem to be poorly sized (and especially badly configured!) To deal with the multitude of threats.
In general, security products designed to protect the core of a company’s networks are scarce and little used. Yet this is where the gain in safety could be most important. Indeed, all our peripherals must be connected to this core if they want to access the data of the company. It seems therefore logical to want to secure the central node rather than to exhaust itself to secure all the resources that revolve around it. For example, security researchers today agree that Active Directory is an unknown security brick, yet essential to the security of a business.