Security must be at the forefront, the security lead advises.
According to Boland Lithebe, security lead at Accenture Africa, “For every new piece of technology introduced and as much as technology improves, there is always an element within technology that is exploited by cybercriminals.” This, he says, could be criminal in nature, activist in nature, or national in nature. As a result, each technological evolution brings a new vector to exploit that technology for nefarious purposes.
Ransomware in all forms
Ransomware comes in different forms, including industrial espionage, which is the traditional stealing of data, or extortion, where criminals steal data and force companies to pay a ransom in order to retrieve that data. Another form of ransomware is where criminals encrypt data critical to the operations of a business and request that a ransom be paid in order for that data to be released.
On the operational technology side, mainly in big businesses such as oil and gas, energy or mining that have industrial control systems, criminals target companies’ operations by using different penetration techniques. However, there are several ways organisations can protect themselves, says Boland.
“It starts with monitoring. Organisations need to understand that it is very difficult to protect or defend your assets, if you don’t understand where your assets are, how they are configured, and what purpose they serve within the organisation,” he says. “Asset management and security monitoring of those assets is vital. Essentially you’re going back to the basics of information security.
“In addition, patch management ensures that known vulnerabilities are closed, ensuring that systems are hardened and ports are closed to make an attack very difficult,” he adds.
Boland also points out that organisations need to focus on resilience. “You can implement all the defensive tactics you want, but the organisation needs to consider what they will do if those tactics fail,” he says. “The organisation needs to think about the continuation of operations, which can be achieved through backing up critical systems and ensuring redundancy on networks. They also need to think about business resilience.”
Boland believes that the most critical point in information security is education and awareness. “You can have world-class technology deployed across all your end points, but if your users are not aware of how they should be using the electronic assets of the organisation, then the technology that has been deployed will not help. The users are the last line of defence in information security: they can either compromise an organisation or assist the organisation in staying protected and there are many examples of users who have spotted the unusual on their desktops and sounded the alarm.”
User awareness is critical to the success of any organisation in terms of cybersecurity because without it, organisations stand no chance of defending themselves against an attack, notes Boland.
Cloud is not as secure as you might think
According to Boland, the notion that the cloud is secure is misplaced and it is for that reason that many organisations have been attacked by criminals using their cloud platforms as an entry point to gain access into the organisation. “Cloud by default is not secure, it’s a platform that one can acquire to deploy applications and systems, but it still needs security and someone to look at the environment and think about how to properly secure it,” he says.
And as the number of South African organisations that have migrated to the cloud increases, they have to be careful not to migrate without properly understanding the configuration that they are implementing in the cloud, warns Boland. “I’ve actually attended to a number of incidents where customers went to the cloud, misconfigured their workloads and enabled access to their networks through the cloud and were attacked,” he recalls.
Boland points out that organisations need to understand that the same amount of security they apply on premise needs to be applied in the cloud. For instance, organisations should consider applying multi-factor authentication for applications and platforms in the cloud.
“The very same strict regime organisations have been implementing on their on-premise infrastructure also applies in the cloud and should even be stepped up,” argues Boland.
Cybercrimes are notoriously difficult to prosecute, notes Boland, and as such, organisations should focus on prevention rather than seeking prosecution. “Prosecution – or rather the successful prosecution of cybercrimes – is few and far between because cybercrimes are multijurisdiction crimes and it’s difficult to identify the perpetrators. Cybercrimes are not crimes committed by one individual: these crimes are committed by groups of criminals. There are also group dynamics of new groups surfacing and old groups disappearing – in-fighting between group members, or groups disbanding right before being apprehended,” he says.
On the other hand, you have cybercriminals who have decided to release trade secrets after falling out with their group members. “If you’re fortunate enough to identify the group, you now have the difficult task of figuring out who each group member is,” he explains.
Therefore, law enforcement should be the last resort for any organisation; they should rather put better protection mechanisms in place that can test resilience against cyberattacks and conduct regular assessments.
Boland notes that many businesses have undertaken the journey to cloud and that working from home has contributed to this migration, but it has also created an opportunity for cyberattacks. “These dynamics continue to add new threat vectors into the cybersecurity space, however organisations need to be prudent when they adopt any new technology. The security must be by design and not be bolted on – for every new piece of technology introduced, security must be at the forefront,” he concludes.