Tag Archive for: addressing

IP addressing could support effective network security, but would it be worth it?

/in


Why is it that over 90% of enterprises tell me that they expect to spend more on security over the next three years, and almost 60% say they expect to spend less on networking? We obviously think that network technology is getting more efficient, more competitive. Why isn’t that the case for security? The short answer is that enterprises have been chasing acronyms and not solutions.

Acronym-chasing comes about because by nature, security is hard to plan for. The average network expert finds out there’s an issue because some higher-up reads or hears about a breach. Maybe they do a quick search, and they find out that what they really need is SASE. Or maybe they need SSE, which we’re told is SASE without SD-WAN. In any event, what happens is that there’s pressure to add this new thing on, and that creates another layer of protection…maybe.  Complication and cost? Surely.

Chasing acronyms is bad, but there may be a lesson in the latest security equation: SSE equals SASE minus SD-WAN, right? Well, maybe the minus-SD-WAN piece is where we’re going wrong, because a lot of our security cost and complexity problems could be solved by letting the network play a role in its own protection, and we actually know how to do that. In fact, it leverages networking’s fundamental property: addressing.

You can’t have connections if you can’t address the things being connected. The power to address is the power to hack. All of networking is about addressing, and it shouldn’t be a surprise that addressing could play a major role in security. Tools like IPvirtual private networks, private IP addresses, and (yes) virtual networks and software-defined WANs are widely available but not always effectively used.

VPNs can reduce risk of intrusions

Let’s start with VPNs. The number of enterprises who don’t use IP VPNs in some form is statistically insignificant. An IP VPN is a form of what used to be called a closed user group, a community range of addresses that can freely communicate but are isolated from the internet unless their addresses are explicitly exposed.  However, all VPN users can reach other VPN users, where private IP addresses can isolate one…

Source…

#ITWebSS2021: Addressing the human factor in cyber security

/in


Priscilla Mutembwa

Priscilla Mutembwa

Human factor plays a big role in the vast majority of security breaches. 

Bad actors have become masters of social engineering, tricking users into actions that circumvent even the tightest cyber security systems by preying on human error.

Using psychological manipulation, they trick individuals into opening attachments, clicking on malicious links, downloading malware such as ransomware, or divulging passwords and financial login details, as a way of getting a foothold onto company networks.

Security awareness training helps to lower this risk, and prevent the loss of personal information, intellectual property, money or brand reputation.

An effective training program should make employees understand the role they play in helping to fight data breaches, and stop the common cyber security mistakes they may make when e-mailing, surfing the Web, disposing of documents, or using flash drives that might contain sensitive data. 

Priscilla Mutembwa, vice president of the US-Africa Cybersecurity Group, will be presenting on ‘Developing an effective security awareness and training programme’, at the ITWeb Security Summit 2021, to be held as a virtual event from 1 to 3 June.

Mutembwa is a business leader, advocating for small holder farmers and cyber security in Africa. She holds qualifications in computer systems engineering, accounting and cyber security management and policy implementation.

She began her career in information systems development and implementation. Following a period as a management consultant, Mutembwa became a chartered management accountant, and after achieving an MBA, she found her career transitioning into general management. This culminated in her becoming the CEO for Cargill Zimbabwe for seven years before relocation to the US where she then moved into cyber security. Subsequent to her gaining a Masters in Cybersecurity, she joined the US-Africa Cybersecurity group where she was responsible for cyber security policy development and implementation. Currently, she heads up DAMIPA consulting, a risk management consulting firm specialising in cyber security that she founded.

During her presentation, she…

Source…

Addressing Emerging Security Threats of Cyberattacks

/in


Undeniably, cyber threats such as cyber terrorism, espionage, theft and Distributed Denial of Service against persons, businesses or critical national infrastructure is detrimental to the internal security of a nation. To address these threats and its attendant consequences, the Nigerian Army recently held an inter-agency workshop on how to mitigate these vulnerabilities through cyber operations known as cyber warfare, writes Chiemelie Ezeobi

Undoubtedly, every society is increasingly relying on the internet and other information technology tools to engage in personal communication and conduct business activities. This is not just limited to Nigeria. Over the years, this global

development has brought about enormous gain in productivity, efficiency and communication.

However, despite the gains gotten from technology and internet, the dark side exposes users to the risk of cyber-attack, which has become a security concern and for security operatives, they create problems which are detrimental to the security of a nation.

Cyber threats such as cyber terrorism, cyber espionage, cyber theft, Distributed Denial of Service (DDOS) against persons, businesses or critical national infrastructure is detrimental to the internal security of a nation. As such, nations round the world are increasingly developing capabilities to mitigate these vulnerabilities through cyber operations known as cyber warfare.

Exercise Crocodile Smile

It was in the interest of such that the Nigerian Army recently held a workshop at the Army Officers Mess, Outer Marina, Lagos. The workshop brought together field commanders of the army, Nigerian Navy (NN), Nigerian Air Force (NAF), Nigeria Police, Department of State Services, Nigerian Security and Civil Defence Corps (NSCDC), Federal Road Safety Commission (FRSC), Nigerian Customs Service (NCS) and Nigerian Immigration Service (NIS) to brainstorm on how to address cyber attacks that threaten peace and security.

Tagged Exercise Crocodile Smile VI, the army headquarters had disclosed that the exercise which would run from October 20 to December 31, would carry out cyber warfare operations to counter negative propaganda by…

Source…