The past 10 days have seen headline after headline about cyber attacks on South African organisations. From DDoS attacks on ISPs, to municipalities and banks being targeted, it seemed like the country – and its vital infrastructure – was under attack.
Ignus de Villiers, Divisional Manager, Cybersecurity, at Nexio, points out that this is not strictly accurate. Attacks are ramping up globally, so the number of South African organisations being impacted is increasing as a result, he says. “Unfortunately, the local cyber security readiness, maturity and posture of companies is contributing to more success and impact of attacks locally. While there are certain industries, such as our financial industry, that have similar or equal cyber security maturity to their counterparts in more developed countries around the world, our public entities and SMEs are generally more vulnerable due to a lack of skills and cyber security investment,” he explains.
As a result, he warns that local companies will continue to fall victim to international cyber criminals as they spread their attacks across the globe, and that they must at least start putting measures in place to mitigate the effects. “For example, a Security Incident Response Plan, combined with backups, a Disaster Recovery and Business Continuity plan, and cyber insurance to address possible liability claims, will ensure that ransomware or similar attacks have less of an impact. Similarly, adding comprehensive redundancy architectures (including multiple providers) and comprehensive DDoS services from providing ISPs will mitigate the impact of a DDoS attack.”
De Villiers adds that each threat needs specific defences to stop an attack from succeeding, so it is no wonder that organisations that don’t have dedicated security teams are feeling overwhelmed. “To defend against ransomware, companies must ensure that they apply defence in depth, meaning that they must implement multiple layers of security controls, including signature-based malware, behaviour-based malware, as well as zero-day and Advanced Persistent Threat Protection (APT) which is typically linked to sandboxing, to assist with dealing with the unknowns,” he explains.
“Malware defences should be applied for mobile devices, workstations, servers or multiple instances thereof at the virtual layer, on email gateways, proxy/web gateways and also for groupware as well as for all encrypted sessions. The above controls should further be complemented by network traffic analysis and threat detection as well as Security Incident and Event Management or similar solutions so that unauthorised communication between infected internal assets and external attackers can be detected and acted on.”
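The detection layer de Villiers describes, spotting traffic between an infected internal asset and an external attacker, is often approached by looking for "beaconing": a host contacting one external destination at near-constant intervals. The following is an added illustration, not code from the article or from Nexio, written from a defender's point of view. It assumes a simplified proxy-log format (`<ISO timestamp> <source IP> <destination> <bytes>`) and uses constructed sample lines; the hostnames and thresholds are placeholders, not real indicators.

```python
"""Toy beaconing detector over proxy-log lines (added example, constructed data).

A (source, destination) pair is flagged when the source contacts an external
destination at least `min_hits` times and the gaps between contacts are
nearly uniform (low coefficient of variation). Real deployments would add
allow-lists, jitter tolerance and much larger windows; this shows the idea.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress
import statistics

# Constructed sample log lines. Assumed format: "<ISO time> <src ip> <dst> <bytes>".
# 10.0.0.15 talks to one external host every ~5 minutes (regular);
# 10.0.0.22 browses a news CDN at irregular intervals (normal user traffic).
SAMPLE_LOG = """\
2019-10-25T08:00:00 10.0.0.15 unknown-host.example.test 5120
2019-10-25T08:00:07 10.0.0.15 cdn.example-news.test 81234
2019-10-25T08:05:00 10.0.0.15 unknown-host.example.test 5118
2019-10-25T08:10:00 10.0.0.15 unknown-host.example.test 5122
2019-10-25T08:15:01 10.0.0.15 unknown-host.example.test 5119
2019-10-25T08:20:00 10.0.0.15 unknown-host.example.test 5121
2019-10-25T08:30:00 10.0.0.15 10.0.0.5 300
2019-10-25T08:01:13 10.0.0.22 cdn.example-news.test 90211
2019-10-25T08:17:02 10.0.0.22 cdn.example-news.test 40011
2019-10-25T08:25:30 10.0.0.22 cdn.example-news.test 12000
2019-10-25T08:26:00 10.0.0.22 cdn.example-news.test 9800
2019-10-25T08:50:10 10.0.0.22 cdn.example-news.test 33000
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, bytes)."""
    ts, src, dst, size = line.split()
    return datetime.fromisoformat(ts), src, dst, int(size)


def is_external(dst):
    """Treat public IPs and any hostname as external; private IPs are internal."""
    try:
        return ipaddress.ip_address(dst).is_global
    except ValueError:
        return True  # a hostname, assumed to resolve outside the network


def find_beacons(log_text, min_hits=4, max_cv=0.1):
    """Return flagged (src, dst) pairs whose contact intervals are nearly uniform."""
    contacts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _ = parse_line(line)
        if is_external(dst):
            contacts[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in contacts.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        # Coefficient of variation: near 0 means the gaps are almost identical.
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "hits": len(stamps),
                "mean_interval_s": round(mean_gap, 1),
                "cv": round(cv, 4),
            })
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(f"{finding['src']} -> {finding['dst']}: {finding['hits']} contacts, "
              f"every ~{finding['mean_interval_s']}s (cv={finding['cv']})")
```

On the sample data only `10.0.0.15 -> unknown-host.example.test` is flagged: five contacts roughly 300 seconds apart. The news CDN traffic has enough hits but wildly varying gaps, and the contact with `10.0.0.5` is skipped because the destination is a private address. A finding like this is a prompt for the SIEM or EDR layer to look at the source host, not proof of compromise on its own.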
When it comes to data extortion, Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR) solutions should be added to the mix, as they are key to early detection, de Villiers says. “A good overall security control posture is always needed to defend against data extortion. That should be enhanced by advanced security controls that are aimed at data protection, such as encryption. This should be applied for both structured and unstructured data and complemented by data leakage prevention solutions as well as threat detection and analysis tools.”
The good news, he says, is that South African companies have access to all the tools and expertise they need to put effective defences in place. The bad news, however, is that until local companies prioritise security investments, they will remain less mature, and thus more vulnerable, than businesses in other parts of the world.