Fortinet says IT leaders in Malaysia need to be more aware of cyber threats
People usually have a highly honed sense of situational awareness that perceives dangers so that they can be avoided like staying clear of a dodgy part of town or even avoiding unsavoury chaps that can lead to trouble.
According to Fortinet Malaysia, this highly honed sense for danger present in people unfortunately doesn’t seem to quite carry over when they conduct their business online. “When people use IT, however, this behaviour surprisingly does not carry over. They click on dubious links without a second thought, open files they do not recognize, and connect to wireless networks they are unfamiliar with,” said Michelle Ong, Country Manager for Fortinet Malaysia. “If people could become more situationally aware in their handling of computing devices, they − and the organizations they work for − would be victimised by cyber threats much less often.” In organisations, this can be disastrous as the actions of one individual can impact on the entire company. Whether through malice or mishap, one wrong click on a link or an inadvertent download of a file loaded with malware may just end up bringing a company to its knees.
To prevent this from happening requires a comprehensive approach to operational security as well as digital situational awareness throughout the organisation from top to bottom is necessary. Fortinet has advised IT leaders to focus on four broad operational thrusts:
1- Identify Business Mission and Goals
While it ought to come as a no-brainer, IT leaders need to understand the business mission of the organisation and then align the IT assets and resources available towards that mission. This requires an audit of what data is generated within an organisation, who has operational oversight over that data and where this data would overlap with other assets and divisions within the organisation. Effectively, this means taking the lay of the land and determining what data you have, where it is going and who needs that data within the organisation.
2 – Determining Cyber Assets
An organisation needs to audit and catalogue all assets on the network along with possible vulnerabilities. This may require drilling down to a device level including what OS is installed on a particular machine, what apps are running on it and what data is stored on it. Vulnerable cyber assets need to be patched and secured as most exploits target known vulnerabilities within the past five years.
3 – Assessing Network Infrastructure
The extensive inter-connectivity of devices today within an organisation represents new threats and attack vectors from threat actors. Even an innocuous device such as a smartphone connected to the company network can be an entry point for cybercriminals. IT leaders need to find out how and where devices critical to the organisation are connected, what data flows through them and plug or monitor them securely.
4 – Identify Cyber threat actors
IT leaders need to know the capabilities and modus operandi of threat actors targeting their organisation both from within and without with emphasis on bad guys who are focused on stealing mission critical data stored within the organisation.
