OPINION PIECE
Securing the perimeter is not enough to protect your data — what happens if a bad actor is already inside? Despite the fact that it is a decades-old exploit, phishing remains a top threat to organisations today.
B
By Kate Mollett, Regional Director at Commvault Africa.
ad actors looking to steal personal information and credentials will use phishing scams because they are simple and effective, and once they have access, they can exfiltrate data and spread ransomware. Stolen credentials give bad actors authorised access to networks, and once they are inside, they can inject malware and wreak havoc. The traditional ways of securing networks, like firewalls and VPNs, are no longer enough, and securing the perimeter is challenging in a remote working, borderless world. Zero trust has become critical to not only ensure authorised access only, but to continually validate access to prevent bad
38
SECURITY FOCUS AFRICA APRIL 2022
actors with stolen credentials from infiltrating networks and deploying ransomware attacks. Are they who they say they are? A ransomware attack is often not the first port of call for bad actors, and it can be seen as a symptom of a bigger problem. Typically, what happens is that threat actors will gain access to a network, and then begin to infiltrate other areas of the organisation. Only once widespread access has been gained will a ransomware attack be deployed. If they gain access using stolen credentials, it may take a long time to identify the attack, by which time a significant amount of damage may already have been caused.
Kate Mollett
securityfocusafrica.com
