The new decade is still in its infancy and already we have heard news of potential malware attacks on major banks in the sub-Saharan Africa region. These alleged attacks are thought to be the work of a Russian hacking group named ‘Silence’. While it seems that South African banks have been unaffected to date – according to the South African Banking Risk Information Centre (SABRIC) – this news is certainly consistent with the significant trend towards the monetisation of cyberattacks – there is real money to be made in working to breach the cyber defences of businesses, both big and small. And thus, there is no surprise that throughout 2019, organisations across all industries globally were targeted by cyberattackers.
This holds true whether we are talking about information being stolen for illegal gains, IT systems being hacked and shut down until a ransom demand is paid, or operational technology (OT) systems and critical infrastructure being damaged or shut down for geopolitical purposes. And so it is unlikely that attacks are going to slow down during 2020, says Stefan van de Giessen, general manager for cybersecurity at value-added distributor Networks Unlimited Africa.
“No industry or organisation is immune from attack, with top targets during 2019 including governments, the financial services industry, manufacturers, retailers and consumer goods, and infrastructure providers,” he says. “Based on this, we advise implementing a next-generation security solution that should include various, complementary products. It’s good practice to start securing the edge of the networks, thereafter moving to business critical services and solutions, and then covering other attack vectors such as internal segmentation.
“We recommend adopting a phased approach in order to develop a layered security posture – this assists with controlling costs as well as the complexity of management involved. So once the baseline has been established, IT security can then look at how to protect against unknown threats, enable the encryption of your data, and deploy decoys in your network to lure away hackers.”
According to Van de Giessen, important security issues to consider for 2020 include end point security, network visibility, deception-based technology, the rise of the managed service provider, the convergence of the IT/OT space, the local IT skills shortage, and the issue of compliance with regulation.
He broke down each issue:
End point security: Investing in a next-gen firewall (NGFW) and antivirus (NGAV) technology with endpoint detection and response (EDR) capabilities, as well as a secure e-mail solution, is critical in securing against the most prevalent attacks.
Better network visibility: This allows you to more closely monitor network traffic for malicious behaviour and potential threats. For example, you can better detect when someone gains unauthorised access to the network, thereby allowing security measures to respond quickly. The use of user and entity behavioural analytics (UBEA), software that analyses user activity data from logs, network traffic and endpoints, and correlates this data with threat intelligence, allows you to identify activities or behaviours that are likely to indicate a malicious presence in your environment.
Deception-based technology: Deception-based technology works hand-in-glove with better network visibility: The solution creates a decoy setting that simulates the actual environment by deploying a decoy virtual machine (VM) into the existing network, with attractive decoys, credential lures, ransomware bait and data deceptions. This allows early and accurate detection to track lateral movement and credential theft.
The rise of the managed service security provider (MSSP): The move to MSSPs is a growing trend, allowing IT security teams to outsource the management of certain aspects of security and to solve issues such as a lack of skills or resources. He offers this warning, however: “From a compliance point of view, it is still the organisation’s responsibility to know which products are being used to protect its data – using the services of an MSSP doesn’t relieve an organisation of responsibility for its own data.”
The convergence of the IT/OT space: The convergence of the information technology and operational technology (IT/OT) space has become a new challenge globally in recent years. “Hackers have started targeting the OT network, which previously was not necessarily linked to an IT network, to bring down critical infrastructure and manufacturing plants, for example.
“The rise in the Industrial Internet of Things (IIoT) has not necessarily come with adequate and/or appropriate cybersecurity. The IIoT allows tools and machinery of all types to be connected to the internet, bringing major benefits such as better monitoring and increased visibility, but also risks to the business that, by and large, simply did not exist a decade or so ago. A recent study by the IBM Institute for Business Value (IBM IBV) showed that industrial companies are not doing enough to protect their plants from being hacked.”
The IT brain drain in South Africa: “While there are many new products available to us, we are losing too many skilled IT people who are leaving our shores. According to a report in mid-2019, based on a survey of 110 companies, including JSE-listed organisations as well as large multinational groups operating in Africa, information and communications technology specialists and engineers remain the most difficult to recruit. In security, there are three vectors that are important in security, namely time, product and skills, and skills are severely lacking in our markets across Africa.”
Compliance with regulation: “South Africa is behind the curve with data regulation compliance when we compare ourselves to the European Union’s General Data Protection Regulation (GDPR), which has already been in force for over a year, as well as compliance legislation in other SADEC countries and also West Africa.
“South Africa’s Personal Protection of Information Act (POPIA), which is similar to the EU’s GDPR, has not yet been implemented, and it was signed into law in November 2013. POPIA will enable businesses to regulate how information is organised, stored, secured and discarded. The Act aims to protect consumers from having their money and identity stolen as well as keep their private information private. The time delay in implementing POPIA is not helpful for businesses and for our IT systems, which will eventually need to be compliant.”
He says that, considering all of these factors, it becomes clear that security is not a single-product solution.
“Customers need a multi-product approach so that they can defend themselves both proactively and reactively. Today’s security teams must acknowledge the threats posed by all attack vectors, and work proactively on preventing them.”