JEDDAH – Amid pervasive threat of cybercrime attacks, a cybersecurity expert said creating awareness about security is a necessity.
In an interview with the Saudi Gazette, Marc Maiffret, Chief Technology Officer, BeyondTrust, said “the biggest challenge is always in creating awareness about security that it is a necessity. Too many times in business people look at security as something you spend money on with no return on investment, but at the end of the day there are many examples of where it costs companies far more to have not done security right vs. having made an investment in security.”
He said cybercrime affects most modern countries in the world, and it has noticeably shifted to the GCC countries over the last few years.
With over 4 million Internet users and 34 percent increase in mobile browsing in the Gulf region, the probability of hackers and bad guys invading into one’s privacy is relatively high. Against this backdrop, one of the best ways to safeguard one’s privacy and avoid falling victims “is simply keep your software up-to-date. Most hackers leverage unpatched software weaknesses to install malware and take control of computers. One of the best ways you can stay safe is simply to make sure your quickly identifying and fixing any outdated or misconfigured software. We even provide free solutions for consumers and small businesses (up to 256 computers) to help do just that. Visit http://go.beyondtrust.com/retinacommunity for more information.”
Moreover, “besides keeping your software up to date you also need to take simple safeguards. Such as for common social and email services such as Google Mail, Facebook, LinkedIn, etc… making sure that you use options such as ‘two-step verification’ or ‘two-factor authentication.’ This can help make your online accounts much more secure from password guessing and related.”
Asked for clues or signals that a user or surfer could notice or detect on the screen if there are some attempts, or impending, much more ongoing cybercrime, on his computer or mobile unit, Maiffret said “for a general home user not really. The most you can monitor is something like anti-virus. But again, if you’re good about keeping your software, such as Adobe, Java, Windows, iTunes, etc… up to date, you will have to worry less.”
For corporate users, there are no foolproof ways to remain secure from hackers and protect the assets.
He said “you will never be 100 percent secure but a strong vulnerability and patch management process at an organization can go a long way to protecting an organization. Also making sure that you are not giving employees excessive privileges by leveraging best practices such as least-privilege environments can go a lot way in limiting the number of ways that you can be attacked.”
On the vulnerability of GCC companies to such attack, and the moves to be taken to protect the system against viruses and make sure that vital information are not compromised, the security expert said “definitely there are a lot of vulnerable companies in the GCC, but I have also seen a lot of interest and focus on finding solutions to these problems. Security is an on-going cycle and never stops and I think the most important part is to stay diligent and clearly there are a lot of companies in the GCC that are trying to do that. It is one of the reasons we opened a new regional HQ in Dubai.”
On protecting the website from malicious external attack, he noted that “the best thing to do is to look at your website through the eyes of a hacker. There are a lot of commercial and open source website security scanner products that can assess the security of your website for weaknesses that an attacker can use to leverage to break into your site. We even sell such a solution at BeyondTrust – Retina Web Security Scanner.”
On ways to repair the damage and restore the damaged site, he emphasized that “it is always best practice to try to start fresh. But that really depends on the system that is being breached. A lot of times you cannot simply start from scratch but rather a previous uncompromised backup of a system.”
BeyondTrust will exhibit its full portfolio of security products at this year’s Gitex Technology Week on Oct. 20-24, 2013 in Dubai. – SG
