EDITOR’S QUESTION
Muhammed Mayet
Practice Manager - End User
Computing, Dimension Data
For this reason, it is imperative to augment
your security to address this larger
attack surface. Anti-virus is an important
component, however, the most common
vector of attack is the use of social
engineering. Understanding your users and
increasing their level of security awareness is
a critical part of reducing the impact of social
engineering and other tools utilised for recon
of target environments.
Most organisations believe that perimeter
security in combination with anti-virus is
sufficient to secure their networks. Modern
attacks make this approach inadequate. The
current attack surface of an organisation has
increased with the introduction of BYOD, Big
Data, and Cloud.
In order to enable business benefits, corporate
and client data is available through multiple
mechanisms. Whilst the business justification
and the direct benefit is easy to quantify, in
many cases, the rush to be first to market or
innovative has placed security at a lower priority
and left gaps which could be exploited.
A typical attack includes:
• Recon – Discovery of the environment
• Execution –Attack
• Escalation – Deeper penetration
• Exfiltration – Data theft
These steps target your technology stack,
employees and connected 3rd parties (e.g.
suppliers and clients). The Target breach in the
US and the Sony attacks are recent examples.
The Target breach in particular is believed to
have been initiated utilising the credentials
Targets HVAC supplier.
90
INTELLIGENTCIO
To assist organisations with this particular
aspect, Dimension Data has developed the
End-User Computing Development Model
(EUCDM). The EUCDM assists clients in
determining how to:
• protect your data and systems in a multidevice environment;
• cut costs when looking after smart devices,
laptops, and desktops;
• support end users so that they can work
anywhere and anytime;
• budget for projects to put the right systems
and services in place; and
• create a roadmap, strategy, and execution
plan.
In order to achieve this we focus on the
organisations’:
• Users;
• Applications;
• Operations;
• Devices;
• Infrastructure; and
• Security.
Through this approach organisations are
able to address the security concerns of the
modern threat landscape whilst gaining a
better understanding of how IT can better serve
business users.
www.intelligentcio.com