Saturday, 9 July 2016 00:00
The third e-Guardian Partner Conference, organised by e-Guardian Lanka Ltd., a Sri Lanka-based international organisation specialising in information security and data centre technologies, was held recently. Bringing together some of the IT industry’s key professionals and industry principals, the conference centred on a critical aspect for the entire IT world: cyber security.
The event provided the participants with the opportunity to enhance relationships and domain knowledge to harness emerging technologies and best practices within the industry. The three-day event, held between 27 and 29 May at the Citrus Waskaduwa under the theme ‘Beyond Boundaries’, saw two timely and important topics discussed exhaustively by a panel of experts and industry heavyweights, followed by an interactive Q&A session with the audience.
The first of the two discussions focused on a topic that is receiving increasing attention within ICT circles but unfortunately isn’t as widely discussed or even understood in the boardroom: threats to IT infrastructure that come from within.
The main takeaway of this first session was that insider threats are real and on an upward trend at the moment. As such, having a continuous monitoring mechanism such as a security operating centre is vital, but with a lack of top-level awareness at board level, this may be harder than it appears.
Information and Cyber Security Professional Dilan Walgampaya, explaining insider threats, said, “If you look at a lot of organisations, security levels implemented inside are not as sufficient as those implemented outside. We think the attacks will always come from the outside. If you look at various analysis, all research points out to the fact that perimeter attacks are now becoming less frequent because the perimeter is secure. The easiest way, therefore, is to come from within.”
One approach to curbing this, he said, would be to adopt the so-called zero trust model.
“Organisations trust their insiders 100%, which should not be the case. The zero trust model, where you do not trust even the employees including senior employees of the organisation, posits that if someone needs to access the system, they need to go through the same kind of rigorous implementation that an outsider needs to go through,” explained Walgampaya. Escalating the risks up to the board can also help, he added.
“IT people were always the risk owners of an organisation. But in a business sense, this should not be the case. The IT department should not be the people who take the risks and base decisions on it. It is the management or board that have to take the risks. These kinds of frameworks allow people to escalate risks to the correct level. And get them to answer to the correct channel – not through an ad hoc manner,” he said.
LOLC Principal Information Security Consultant Parakum Pathirana, who also took part in the discussion, said adopting the right processes and training people adequately could help curb the threat of insider attacks.