Risk is just a click away. In a world where cyberthreats run rampant, organisations need to shift security gear and strategy.
Data, email, video conferencing, document management, accounting – everything the business needs is at the end of a keyboard. Everything is accessible online. It is the era of connectivity with opportunity, business, and employees working from anywhere, at any time, on any device. However, it is also the era of risk, where any click could be the one that tears down the fragile walls of security and unleash havoc for the company. Today, when regulations and legislation enforce compliance on the global stage, it has become critical that organisations pay close attention to security. As Charlie Luis, Research Manager: Security and Software for Sub-Saharan Africa at IDC points out, the security landscape has evolved at speed, introducing increasingly sophisticated methods of attack that are succeeding more often than ever before.
“Those determined to penetrate an organisation’s defences and security infrastructure are becoming more resourceful and successful,” he adds. “This increase in attacks and the changes to how the world now works lives and connects, calls for organisations to adopt new security strategies at speed. This is the time to shift focus, to change security gears, and to ensure that every part of the organisation is protected, from the top right down to the end-user.”
The cybersecurity threat landscape is not introducing anything new. It’s still data breaches, social engineering attacks, critical infrastructure attacks, hacks, and ransomware, but these are evolving in their complexity and capability. The attackers are also using artificial intelligence (AI) and machine learning to streamline and power their tools. They are also using intelligent threat vectors and smart tools to catch the unwary and fool the systems. It’s a war that wages back and forth between the security system and hackers, and it cannot be won with complacency.
“The threat faces organisations of all sizes, not just enterprises, and more than 71% of security breaches are financially motivated which makes ransomware one of the most popular in South Africa right now,” says Luis. “Our ransomware attacks are second only to the USA and it looks like these are unlikely to slow down any time in the near future.”
Ransomware is a challenge, one that requires infrastructure and training to mitigate. Another is the reality that many organisations have critical security misconfigurations that they are not aware of thanks to the new reality of managing across cloud and hybrid environments and on-premise environments and applying different rules to each. This significantly increases the security risk and the challenge to the organisation. Then, let’s not forget the pandemic.
“The past 18 months have shone a spotlight on the limitations of current systems based on standard methods of security,” says Luis. “With most people working from home, the pandemic required that IT resource access was changed as well as how it was secured for users and clients. This is further complicated by the fact that many companies were at different stages of their cloud strategies when the virus hit so their jump online differed from application to system to solution. This meant that security also moved with the business and this hasn’t always been an easy move to make.”
Cybercriminals took advantage of this disruption and the unexpected vulnerabilities that arose as a result of rapid moves to cloud infrastructure. The rushed procurement of IT products and services to accommodate a fresh and shiny remote working landscape meant that many companies rushed their security – they had to keep the lights on, virtual or not, to ensure they stayed in business. Some kept security in place, some dodged one or two security steps, some side-stepped their security systems entirely. Most opened up new vulnerabilities and introduced significant risks.
“Today, security is more than system and end-user, it is an ongoing process of identifying and assessing and defending from all risks,” says Luis. “The list is endless but the basics should always include strong antivirus and web filtering software, strong password policies, multi-factor authentication, vulnerability assessments, system patches, data backups, and updated systems.”
Cybersecurity is finally getting the attention it deserves but for all the wrong reasons. It has put livelihoods and reputations at risk. It has leapt into vulnerabilities and taken advantage of global uncertainties. But, today, organisations have to look at it as more than just a reactive solution but as an inherent part of the organisation’s strategy, spend, and focus. That is the only way to ensure that cyber risk is properly managed to reduce the chance of an attack.