BY VICTOR ADAR
It is that grey afternoon. You are rearing to send that daily report when your Internet starts fluctuating. No emails are going through. Then, your laptop, too, begins to act up with problems that you can’t fathom. The system down time makes you angry wondering what to do. Mark you, time which flies like a bird and waits no man, is ticking and you have a deadline to beat… the emails must be sent out before close of business, that document must be printed on schedule but the printer won’t allow you to do so because there is still an issue with the network system. Keeping tabs with the digital revolution is not an easy affair.
Firstly, today’s worker wants to explore beyond one screen; they are creative and have a way of getting things done such that when old fashion settings where employees are urged not to use their personal computers, flash disks, or even mere cell phones as a way to control threats and boost productivity are embraced for example, it is not nice an environment. If you employ this easy-going lot who would as well twit from home, you could be ignoring the hard truth as far as dealing with cyber security is concerned.
Security threats cannot take a backseat if companies are to flourish and deliver bottom line growth. It is all of data base administrators and security professionals taking a proactive approach to data security by making encryption a priority as a way of effectively protecting the most vulnerable elements of IT systems. When threats happen despite all the caution, you are all left wondering how come?
According to Janusz Nacklicki, Oracle’s Senior Vice President for Africa, building a database security strategy is the first step for a company in ensuring security has been addressed inside out. If not well thought out, he says, “it is surprising, then, that businesses don’t prioritise investment in protecting their databases.”
Speaking at the recent Africa Security Summit in Tanzania, Mr Naklicki said this proactive approach is fundamental to spotting and neutralising threats before they have a significant impact on company data.
“Even if an organisation’s perimeter is breached, by placing security controls around sensitive data, detecting and preventing SQL injection attacks, monitoring database activity, encrypting data at rest and in transit, redacting sensitive application data, and masking non-production databases, organisations can reduce the risk of data exfiltration,” he says.
Worse, the 2016 Data Breach Investigation Report by Verizon Enterprise indicates that databases are the second most frequently targeted asset by people inside an organisation, trailing only desktop computers, players in the technology sector cringed.
Meanwhile, as businesses are burdened by cyber security with one of the major challenges being users who are green about technical systems, many of these concerns centre around the rise of hacking, a threat which has continued to outpace other means of attack by a large margin, and which has grown proportionally alongside today’s lucrative information black market.
People in the industry say that other paths to dealing with security concerns ought to include education of users. Some individuals only do what they know best like punching stories on word file, designing artworks on Adobe Indesign, or managing social media accounts, and so forth, and lacking the technical bit of things. They know nothing beyond the hardware, as the most important thing is, all the systems are expected to work accordingly.
William Makatiani, the CEO for Serianu, notes that over 75% of cyber-attacks in the East African region are caused by insiders, mostly disgruntled employees – organisations are set on a roll as the situation is worsened by the fact that the content only has an approximate of 3,500 certified security personnel.
Further, organizations pour billions of dollars into information security every year. And like clockwork, hackers too find new ways to access and steal sensitive data. A nearly US$300 billion global cybercrime market is a powerful incentive for keeping ahead of the technology curve. When you look at how some people have lost millions by just sharing the credit card details with strangers (and even friends and relatives) nothing is further from the truth. Indeed, the market for stolen credit cards alone is about $100 billion, handily outstripping the entire global cocaine market.
Removing the risk will tickle down to save even the popular point – of – sales (POS) intrusions which have also been identified as one of the largest contributors to data breach incidences. This is attributable to the fact that POS devices continue to be a reliable source for this data, notably the POS terminals that directly consume magnetic stripe information from customers. With proper practice it is critical to check out the monitoring options available for the POS environment and validate the implementation.
As a means to curb cybercrime, Oracle for example, has delivered a technology to safeguard data at the source—the database. This is making them provide a comprehensive portfolio of security solutions to ensure data privacy, protect against insider threats, and enable regulatory compliance for both Oracle and non-Oracle databases. The “powerful” preventive and detective security controls include database activity monitoring and blocking, privileged user and multifactor access control, data classification and discovery, transparent data encryption, consolidated auditing and reporting, secure configuration management, and data masking.