INTELLIGENT ENTERPRISE SECURITY
Internal firewalls new mantra to curb insider attacks
With rise of attacks from within weak segments of the network , the line between trusted and untrusted traffic has blurred , says Michael Xie from Fortinet .
Traditionally cyberattacks on corporate networks have come from outside the organisation . With the growing usage of personal mobile devices and the rise of the Internet of Things , the danger now comes from within .
The world moves swiftly , the IT security world even more so .
Just a couple of years ago , securing the enterprise would basically consist of protecting an organisation from external intruders . Today , the battle has changed ground . Education efforts from industry players have created higher levels of IT security awareness in the business world , and more firms have implemented basic security measures that can thwart direct attacks effectively .
This development is forcing hackers to go up the game by figuring out alternative ways to get their hands on valuable enterprise assets . One new strategy that is becoming more common across the world is for hackers to gain entry to a corporate network by targeting its weakest points .
Such points can include an unsecured employee mobile phone , or a workstation with limited access to corporate data . These weak points typically reside in low value segments of the corporate network . Once the hacker breaks in and gets a toehold , however , they can navigate to other more valuable parts of the network , which tend to be more rigorously protected from external attackers , quite easily .
This lateral movement modus operandi proves to be effective most of the time because many organisations do not isolate different segments of the network from one another . Moving from segment to segment is usually a breeze once hackers get into the network .
A few trends will make such attacks from within the organisation more common in the coming years :
1
Adoption of employee-owned mobile devices in enterprises These are often poorly secured and provide a weak point of entry into the organisation for hackers .
2
Exponential growth of
IoT devices Early and even current versions of these devices are not designed with security in mind , and are tedious if not impossible to secure properly .
42 Issue 04 INTELLIGENT TECH CHANNELS