Companies today have to invest in different ways to become more threat-intelligent.
BizNis Africa interviewed Riaan Badenhorst, Kaspersky Lab Africa Managing Director, to find out how businesses can secure themselves from cyber threats.
Q: What should C-Suite executives be concerned about when it comes to cybersecurity and the reality of cyberattacks across Africa?
A: There is a growing realisation among C-suite executives, operating in a hyper-connected world, that it’s not just internal security that businesses should be concerned with. It is the vulnerability of third parties – especially those connected to the company server – that has risen high up on the agenda.
The value of security has always been most apparent in hindsight; however, many organisations are failing to grasp how much a breach could actually hurt them. Our research shows that companies find that information security incidents can have a negative impact on their reputation.
Considering this, it’s time for businesses to recalibrate the way they think about their security budgets. Seen as a separate expense to IT infrastructure, it appears hard to justify until disaster strikes. But understood as an essential part of the IT environment – including mobile devices and virtualized machines – its value is obvious, especially in the context of the damage and huge costs it can prevent.
Q: What does becoming threat-intelligent mean for African businesses and why is it so important?
A: In our experience, we have noted that companies spend 80% of their security budgets on trying to prevent security breaches and only 20% on predicting, detecting and responding to attacks. We believe that businesses need to significantly increase focus on the latter, while maintaining the high-level focus on prevention.
Simply put, a dedicated focus to both protection and prevention would be considered threat-intelligent.
Being aware of the realities of cybercrime – knowing that the business can be adversely affected and, as such, making sure that the correct, proactive approach to IT security is taken – will ensure the business is protected and threat-intelligent. This means decision-makers need to be informed about cybercriminal tactics in the market and as such prioritise security needs – as ignoring them may cause larger problems. Businesses need to embrace a more proactive strategy to IT security in the digitised world. The consequences of not doing so are dire and well documented.
Q: What are African businesses missing when developing their security budget and strategy, and what becomes important to consider?
A: Many organisations are missing the four distinct and universal phases of cyber security, namely, Prevention, Detection, Response and Prediction. If organisations want to make a real impact in this space, then they need access to tools and intelligence that will enable them to discover and immediately block highly sophisticated malware or attacks – at any stage of their development. Cyber security is as much a defensive strategy as it is an offensive one.
- Prevention – which is better understood as a phase mostly covered by technology: you have to block each and every one of the generic threats that are emerging at a rate of 310 000 a day.
- Detection – is a phase where sophisticated and targeted attacks become more complex: it requires advanced tools and expertise, but more importantly, requires time to identify the indicators of attack, spot an incident, investigate it and mitigate the threat.
- Response – the latter phase, in which the unique skills of forensic experts are needed the most.
- Prediction – the future attacks, and understanding the attack surface, defines the long-term strategic defence capabilities of a company. This is done through running penetration testing and other kinds of security assessment.
Q: IT security is a process not an overnight fix – are many African companies still making it far too easy for attackers to gather information?
A: Companies must get better at making hacking corporate networks complicated and costly, as cybercriminals go where there is value and will stop at nothing to create the latest malware (or specific software) to attack any big or small business. The attackers adjust their tactics to their target’s behaviour. In line with this, we advise financial organisations (and businesses as a whole) to check their systems for the presence of these threats and to implement the following measures:
- Make sure you have a corporate-grade internet security suite capable of catching exploits generically, such as Endpoint Security.
- Instruct your staff not to open attachments or URLs in emails sent from unknown sources.
- Use the most recent versions of software on endpoints in your company. Avoid using software known to be vulnerable. To automate these tasks use Vulnerability Assessment and Patch Management solutions.
- Subscribe to a professional threat intelligence service to get instant access to actionable information on the most recent cyberattacks which may target your organisation.
- Educate your staff in cybersecurity. Invest in the education of your security staff so that they are able to identify a possible virus/malware issue on their own and therefore protect your organisation from sophisticated targeted attacks.
Q: Breaches can harm business and impact brand perception – how can business be better prepared and introduce a solid security process?
A: Cyber-attacks, these days, can almost be considered as inevitable, with breaches happening more often and without companies even knowing – until the damage is severe. Any company can become a target of a cyber-attack and that is why cybersecurity considerations should be just as important as management ones.
The cost of a security breach is always higher than the cost of protection. As a company grows, its corporate IT infrastructure expands accordingly as new elements are incorporated. For example, mobile technologies now enable employees to work remotely making a business more flexible; however, this also places a significant additional burden on the security infrastructure.
The fact is that the more elements there are in an information system, the more vulnerabilities there will be. Therefore, as business processes become more complex, the IT infrastructure must adapt to include security tools and a more systematic approach to security, otherwise it is only a matter of time before an incident occurs, which can take days to mitigate. And businesses need to ask themselves if they are able to manage if they are attacked and their internal information is compromised.
So where do you start?
Firstly, you need to choose a reliable and comprehensive security solution that will make it easier to protect your IT infrastructure. The right security solution offers tools that include device security for different operating systems, traffic filtration, and relevant software updates. Secondly, once the solution is in place, work with the specialists. The more complex the infrastructure, the higher the degree of expertise required to manage the security. Appropriately skilled specialists will be able to service your information system proactively, or a third-party partner with deep IT expertise will be able to help in an emergency.
Furthermore, it is also important for a business to ensure that they have a strong security policy in place, one that educates staff on the realities of IT security, and of course provides the right outline to employees on what they can and can’t do, when it comes to IT security and operating mobile devices.