advertisement
#AfrSS2017: Conceptualizing Security, Inspiration from Aviation Technology
There are several ways that one can use to conceptualize computer security. According to experts, the best approach in most…
There are several ways that one can use to conceptualize computer security. According to experts, the best approach in most cases is to understand three basic questions. These include why protect? Who to protect? And how to protect? When an organization finally understands and answers these questions, it can develop a resilient security system that fits its organizational needs.
Former FBI director noted that there are two types of organizations in the world in the digital era. These include organizations that have experienced security breach and those that will be attacked. However, he also noted that these two will converge in the future. To this end, there will be companies that have been attacked and will be attacked again by cyber criminals.
Despite that most organizations understand the financial and brand image implications of security attacks, their Chief Information Officers have no idea where they should start when securing critical IT infrastructure.
advertisement
Various groups of professionals have come up with different theories on how to secure organizations from cyber criminals. However, most of these theories have done little to deter cyber criminals. The increasing cyber-attacks in organizations have led IT security to find lessons in other industries.
One of the industries that IT security professionals need to consider for inspiration is the aviation industry and in particular around airports. This inspiration was explored by Martin Walshaw the Regional Coordinator of F5 Networks during African Security Summit in Nairobi organized by CIO East Africa.
He suggested that IT security experts should champion security models that airports use. In this case, all persons and vehicles that are entering the airports must be stopped at a distance before they can access the internet. They are then asked some questions. As this happens, any suspicious activities are picked up by the airport security personnel that are stationed at each checkpoint.
advertisement
Through this method, terrorists are kept at bay from accessing the airport complex. Additionally, the time it takes for passengers to get to the airport is increased. This means that intrusion of criminals is reduced. When checkpoints are used effectively and placed strategically, it is better to detect and prevent terrorists before they enter sensitive areas in an airport.
Security experts argue that, an organization must implement a security solution that involves the examination of the source of an IP address including its reputation. As this is being done, it is possible to catch any attacker even before they launch an attack. By default, all security solutions must deny access to applications, websites and networks by default.
Apparently, most organizations are spending more than 90% of the security budges protecting networks while only 28% percent of attackers target networks. This means that organizations have misplaced priorities. To this end, organizations detect and respond to attacks when they have already occurred instead of protecting against attacks. Organizations need to protect against attackers before they get into organizational networks, websites and application.
advertisement
However, Mr. Walshaw noted that this may not always work as the silver bullet to keep away cyber attackers. As such, some criminals may circumvent security checks by cooperating with insiders or using diversionary tactics. For computer security experts, they must use tools that identify and stop attackers before they launch a massive attack on an organization.
(The author is a Presidential Digital Talent Programme participant)