FEATURE: NETWORK SECURITY

As a result of this, organisations in the Middle East are spending a lot of money on technology around cyber security, and we also see great levels of investment and focus on governance, risk and compliance. This is evident from the increase in the number of businesses successfully securing accreditations such ISO27001:2013.

Despite these positive developments, however, there remain critical flaws in frameworks and policies, and this places even organisations that have invested in network security solutions square in the sights of attackers. Among these are:

• The users have too many rights! They can install applications outside a governance or validation process and unfortunately these applications can result in malware.

• Systems are not kept up to date and patched, meaning that malware utilising exploits that have already been addressed by the vendors can still be successful in infection.

• Organisations allow risky file types and rely on single point products in their critical dataflow such as mail, USB’ s and web-browsing. Should anyone really be allowed to receive a file which is compressed at multiple layers and includes a full executable?

• Some IT teams do not bother to identify the risks in their infrastructures and make sure they are fixed, they simply get caught up in operations. So while they pay to invest in expensive boxes, they may not take the necessary effort to ensure the systems are actually addressing the issues.

ORGANISATIONS ALLOW RISKY FILE TYPES AND RELY ON SINGLE POINT PRODUCTS IN THEIR CRITICAL DATAFLOW SUCH AS MAIL, USB’ S AND WEB-BROWSING. SHOULD ANYONE REALLY BE ALLOWED TO RECEIVE A FILE WHICH IS COMPRESSED AT MULTIPLE LAYERS AND INCLUDES A FULL EXECUTABLE?

44 INTELLIGENTCIO www. intelligentcio. com