Digital technology continues to transform the world of business by exposing organisations to a multitude of opportunities and threats. It is, therefore, not surprising that cybercrime continues to escalate rapidly, says GRAHAM CROOCK, Director of IT Audit, Risk and Cyber Lab at BDO South Africa.
Ranking as the second-most reported crime in South Africa. Corporate breaches in the headlines are turning hackers into the new super rogues, as these dedicated, organised, and well-financed cyber criminals bombard organisations through alternating attack tools and paths.
This trend has established cybercrime as a growing industry, which has accelerated in the last five years complete with automated tools, customer support, and guarantees for product effectiveness. The commoditisation of new attacks and automated tools has culminated in even the most amateur hacker being able to effectively deliver professional-level threats into a targeted organisation.
Complexity is the major cause of today’s cybersecurity problem, owing to extreme intricacy and solutions being costly. Data is extremely multifaceted, extensive and difficult to manage in a timeous way. This begs the question: How to manage the involvedness at a reasonable cost?
A common but often mis-understood and over relied on solution is the implementation of firewalls. However, the major pitfalls of this so-called “trusted” solution is that firewall configuration is often not aligned with changing cybersecurity policies. In short, the rate of change with regard to cyber-related risk is accelerating rapidly, increasing the security gaps organisations contend with, and leaving them more exposed than ever before.
Keeping pace with new attack techniques, and effectively defending against advanced threats, is perhaps the biggest challenge facing security teams today in a world of cyber threats. Therefore, architecting a cybersecurity solution that dynamically adapts to ongoing change is crucial. This, however, is expensive and for many organisations, unaffordable.
Consideration must be given to the underlying key themes affecting the management of cybersecurity in South Africa today, these include the following:
- Monetisation of malware (Ransomware),
- Imposition of collateral damage,
- Changes in attackers’ mindsets to shift their efforts to the direct attack of applications,
- Political pressure attempting to de-couple privacy and security attempts, and
- Implementation of faster and wider reaching infrastructure, which is not supported by skilled security experts due to the current “brain drain” associated with unprecedented levels of immigration of trained and skilled engineers and technicians who chase “real money” as opposed to the weakening Rand.
It’s no wonder that cyber security professionals keep asking: “What can we do to protect ourselves and our customers from these new found criminals ?”
As a security professional in today’s business space, we need to enable a productive work environment while providing all of the controls needed to protect the integrity and ownership of the organisation’s data as well as that of the business’s clients or customers.
To achieve appropriate levels of security is not quick nor easy, but rather complex and extremely specialised, thus requiring extensive planning, design and architecture. Therefore, the precautions that businesses who wish to survive and achieve true cyber readiness will have to take incorporate include:
· Treat security breaches as “when” and not “if” situations
· Invest meaningfully in people processes and technology
· Put cyber, network security and survival in the business context
· Stop deployment of and reliance on “end point fix solutions”
· Practice resilience scenarios and Business Continuity Plans (BCP)
· Understand the attack lifecycle and plan accordingly
· Ensure that you have an active education programme in place to ensure your staff understand the threats and are trained to react appropriately to an attack
It takes time and substantial management, as well as executive involvement, to strengthen your company’s defenses against cybersecurity risks. The ten most important cyber risks companies should be considering are:
- Failure to identify cyber risks and implement basic cybersecurity controls
- Failure by executives to identify and understand what generates corporate cybersecurity risks
- Lack of a cybersecurity policy
- Confusing compliance with cybersecurity
- Failure to recognise the importance of social engineering and the risks associated with the human factor
- Bring your own device policy (BYOD) and the cloud
- Lack of adequate funding, talent, training and implementation of inappropriate resources
- Insufficient information security training
- Lack of a business continuity and data recovery plan
- Failure to identify, accept and understand the rate at which cyber risks are evolving (polymorphic risk)
A few years ago, the concept of cyberattacks in the context of constantly moving targets was considered impossible, but now, the future is here and this is, for all businesses the new reality.
Effective governance and management are two critical elements for implementing effective cybersecurity. In moving to your next cybersecurity solution, a key goal must be to simplify security management wherever possible. Survival will be achieved through cyber-readiness!
Cyber criminals constantly innovate their threat tactics to breach organisations and make off with valuable data. As cybercrime evolves, we see increased innovation in the hacking tools and techniques used to evade known security mechanisms.
In the past few years, we have consistently noticed more advanced and targeted attacks where hackers spend ample time investigating their targets and tailoring their attack methodology. The attacks are becoming more sophisticated and are comprising multiple layers and techniques, each outsourced to specialty groups, ensuring zero-day effects.
Hackers are achieving this by making sure nothing remains constant. Each stage of the attack changes by leveraging morphing techniques, such as dynamic DNS, fresh URLs for command and control (CnC), self-destruct tools, and more. These tools are available on the Web and are easy to access as “freeware”. Yesterday’s zero-day code has already been developed, packaged and is available to cyber criminals for use in secondary campaigns.
It is crucial to understand the economies of hacking and to accept that these attackers recycle many of the same attack components. In fact, as many as 90% of these so-called “new” attacks can be prevented simply by appropriately using existing security technologies as part of an end-to-end cybersecurity plan.
Attackers typically use the most proven forms of attacks because they work, knowing that organisations are often several steps behind in patching up their systems and updating their defenses against the latest attack methods.
Boards need to have appropriate composition with cyber ready professionals, capable of demanding and positioning oversight for effective cyber readiness. It takes time and involvement to strengthen your company’s defenses against cyber security risks, but this process can help your organisation maintain shareholder value and even achieve new performance peaks.