INTELLIGENT ENTERPRISE SECURITY

With rise of attacks from within weak segments of the network, the line between trusted and untrusted traffic has blurred, says Michael Xie from Fortinet.

The world moves swiftly, the IT security world even more so.

Just a couple of years ago, securing the enterprise would basically consist of protecting an organisation from external intruders. Today, the battle has changed ground. Education efforts from industry players have created higher levels of IT security awareness in the business world, and more firms have implemented basic security measures that can thwart direct attacks effectively.

This development is forcing hackers to go up the game by figuring out alternative ways to get their hands on valuable enterprise assets. One new strategy that is becoming more common across the world is for hackers to gain entry to a corporate network by targeting its weakest points.

Such points can include an unsecured employee mobile phone, or a workstation with limited access to corporate data. These weak points typically reside in low value segments of the corporate network. Once the hacker breaks in and gets a toehold, however, they can navigate to other more valuable parts of the network, which tend to be more rigorously protected from external attackers, quite easily.

This lateral movement modus operandi proves to be effective most of the time because many organisations do not isolate different segments of the network from one another. Moving from segment to segment is usually a breeze once hackers get into the network.

A few trends will make such attacks from within the organisation more common in the coming years:

Adoption of employee-owned mobile devices in enterprises These are often poorly secured and provide a weak point of entry into the organisation for hackers.

Exponential growth of

IoT devices Early and even current versions of these devices are not designed with security in mind, and are tedious if not impossible to secure properly.

42 Issue 04 INTELLIGENT TECH CHANNELS