by Brian Pinnock

The evolving threat landscape

Why cyber resilience is the only way to stay ahead


2018 has already seen several high-profile cyberattacks and data breaches in South Africa, which is concerning considering we’re only just past the halfway mark. IT decision makers who work in the public and private sector alike are fighting an uphill battle in an effort to address and combat the growing number and types of attacks. Every year security reports show that most of these attacks are carried out via email – the number one business application used today and the number one vector used to execute cyberattacks.

In the past, IT departments would manage threats by implementing ‘good-enough’ security measures to filter out spam, malware and viruses, while other people in the organisation knew very little about cyberattacks. These days, cybercrimes make news headlines every day, with the average person or organisation the target of increasingly sophisticated attacks. Just about everyone today has an email account – which makes everyone an easy target. Security has become a key discussion point for executives of just about every company, government department or NGO in the country. Unfortunately, most lack the necessary defence mechanisms and skills needed to manage these increasingly worrying threats.

Government departments hold significant amounts of personal and sensitive data as demands for digital public services grow. Opportunities to enhance and expand these services across education, social care, housing, planning and other areas are substantial. However, it is vital that local government organisations safeguard personal data against cyber threats. Risks from cyberattacks have the potential to cripple public services, affect day-to-day running of councils and compromise national security.

An evolving threat landscape

As South Africa wakes up to the fact that cyberattacks are a very real threat, cybercriminals are becoming smarter and finding new and improved ways to infiltrate your organisation. It’s become a defence arms race to keep up with the level and volume of attacks. Organisations with small IT departments do their best by implementing different security capabilities and vendors. Unfortunately, it’s no longer entry-level attacks we need to worry about. Ransomware has become a major threat as hackers hold critical data hostage and take entire organisations offline until a significant sum of money is paid. According to a recent study by Mimecast and Vanson Bourne, over the past 12 months almost half of responding organisations in South Africa (48%) have seen an increase in ransomware.

In the public sector, from a global perspective, there’s been a 49% increase. And this can have devastating consequences. Just look at the WannaCry crisis of 2017 that affected organisations across the globe, most notably the UK’s National Health Service, where up to 70 000 devices, including medical equipment, were affected and patients’ personal information was compromised. These widespread attacks are far-reaching, cause the biggest stir and make news headlines for weeks and months afterwards. But what about all the targeted attacks on smaller organisations, or local government departments, that don’t make the headlines, but cost money, time, productivity and reputation?

We’re starting to see a spate of impersonation attacks that use social engineering, where hackers trick unsuspecting victims into making wire transfers or sharing confidential data by impersonating executives within an organisation. There are also growing instances of supply chain attacks, where threats make their way into an organisation through so-called third-party suppliers. To the average individual these attacks are hard to identify and if you have mediocre security in place, they will make their way in.

Many organisations in South Africa don’t have adequate defence measures in place as it’s often not considered a priority expense or there’s an ‘it will never happen to me’ way of thinking. But even those that do spend enough on layered security should still acknowledge that the hackers will find new and improved methods to get through this defence strategy. As a result, the human element is still required to mitigate risk.

Highly sought-after security skills

No matter how advanced your security solution is, your defence strategy requires additional support. This can come in the form of data feeds and security analytics solutions that can help identify trends and risks. But unfortunately, this requires security experts who have the necessary knowledge and training needed to analyse trends, assess risks and extract threats. Most lean organisations barely have IT departments in place, never mind cybersecurity departments. There is a major security skills shortage around the world and South Africa is certainly no exception. Globally, it’s estimated that there will be 3.5 million unfilled information security positions by 2022 (Centre for Cyber Safety and Education 2018). This is a staggering statistic and one that needs to be addressed urgently.

While the private and public sectors and tertiary institutions focus on general IT skills, the upskilling of security professionals is lagging. Big corporations are fighting over talent, with security professionals becoming hot property. This has led to a situation where highly desirable security staff move to other organisations, taking their valuable skills with them. This departure of knowledge and the ability to manage security solutions and analyse threat intelligence leaves companies in disarray and their IT systems vulnerable to attack. And smaller organisations with smaller budgets have a complete lack of skills. It’s therefore important for organisations of all sizes to ensure they have the right risk mitigation in place so that they don’t fall victim to an attack or, at the very least, that they’re able to recover quickly and effectively. In short, it’s important to build an effective cyber resilience strategy with comprehensive security controls before, continuity during, and automated recovery after an attack. But how can this be achieved?

Educate the humans

Having the relevant advanced security technology in place is essential to keep organisations safe from threats, while we wait for the necessary personnel to be upskilled. But while not every organisation has a security professional managing their security on a day-to-day basis, there are ways to ensure criminals aren’t able to get past the most vulnerable entry point of your organisation – the employee. Human error is involved in 95% of all security breaches, so creating a security culture and building a ‘human firewall’ is your best chance to avoid becoming the victim of the next major attack.

Employees’ casual mistakes lead to disaster all the time — and cost people their jobs. Educating humans to be cyber-aware is key to an effective cyber resilience strategy. Yet, according to Vanson Bourne and Mimecast, only 12% of South African organisations continuously train their staff, with as many as 67% only training their staff once a quarter or less often. In the public sector, globally 14% of surveyed organisations said they trained their staff regularly, with 72% saying they only trained their staff once a quarter or less.

In today’s fast-paced working world, it’s easy for users to overlook the telltale signs of a cyberattack. Plus, they share everything on social media, which makes it easy for hackers to conduct socially engineered attacks. Many people still don’t even know how to identify a standard phishing attack, so without adequate training you can’t expect them to identify cleverly designed targeted attacks like impersonation fraud or whaling. Cyber awareness therefore needs to become part of the culture so there’s little chance of individuals becoming the weakest link. To change security culture effectively, employees must know what to do, care enough to improve, and then do what’s right when it matters. This kind of culture is easy to implement so there’s no excuse for any organisation to overlook this essential component of cyber resilience.

What happens if disaster strikes?

Even if you have advanced security and cyber awareness entrenched in your culture, there’s always the possibility that one person is going to let their guard down. And with the hacker community growing and sharing new and improved ways to make their way in, you can never be certain that a threat won’t make it past your advanced security and human firewall. So, what happens when you do fall victim?

Email may be forced offline by a cyberattack, or purposely by IT to contain a threat. Either way, disruption to email flow can directly impact business operations and limit the ability to communicate. It might take hours or even days to get your system back up. Access to files held in the email system can be impacted, too. Organisations should therefore all consider a continuity solution that will keep their email system available, ensuring all employees are able to continue with business as usual. This will help prevent the loss of productivity that could result in losing money or being unable to deliver vital services.

Another issue to consider after a breach is how quickly you can recover data and other corporate IP after an incident or attack occurs. What do you do if your email is damaged, accidentally deleted, or if your data is held hostage by ransomware? You can only hope you have an adequate back-up system, or that you can go back far enough to recover what’s been lost. Organisations need to keep their data protected, but accessible for users. Leveraging an archiving service built for this can automate and simplify the process of recovering your email and other important data.

The bottom line

Any cybersecurity incident can have a serious impact on local service delivery and efficient functioning of local government departments. Cyberattacks are a very real threat and are increasingly difficult to manage, as the available skills are not keeping up with the demand.

It is therefore important for all organisations to ensure they follow these very important steps to help achieve cyber resilience. No organisation is too small and everyone is considered a target to hackers. And the public sector, which houses personal data of just about every individual in the country and is responsible for delivering vital services, should prioritise cyber resilience before it’s too late.

By Brian Pinnock, Mimecast South Africa



This edition

Issue 68