Zero-impact cybersecurity: are you prepared for the post-Covid-19 landscape?

As countries around the world struggle to contain the spread of Covid-19, cybercriminals are wasting no time trying to exploit potential vulnerabilities resulting from the lockdown that has confined most people to working remotely, with relatively less secure devices.

Cybersecurity company Kaspersky Lab reported a huge spike in network attacks in SA between March 15 and 21, with hackers attacking up to 310,000 devices during that one-week period — an alarming increase over the normal weekly average of between 20,000 and 30,000.

In a digital world, with billions of people and even more devices connected to the internet via private, public and corporate networks, cybersecurity has become a priority. T-Systems estimates that the world will see 50-billion connected internet of things (IoT) devices by this year.

In addition, to flatten the pandemic curve, governments globally continue to implement lockdown and social distancing, forcing larger percentages of the workforce to connect remotely. Lockdown will leave a lasting impact on how we work, and requires a complete revision of how corporations view and address cyber risks.

Before the outbreak, SA was on the brink of a huge transformative phase in cybersecurity. The imminent introduction of the Protection of Personal Information Act (Popia) and cybercrime legislation, as well as a continued digitisation drive from business and the availability of cognitive technologies, are paving the way for corporations to emerge victorious from the chrysalis. There will be greater focus on effective detection and response, while maintaining sophisticated protection in their cybersecurity DNA.

However, the outbreak greatly accelerated the digital workplace and the lockdown forced companies to enable employees to work remotely. The risk is that many organisations may be left behind in a caterpillar-like approach, while others may remain in the pupal state, overwhelmed by the complexity of this challenge.

Those who emerge from the chrysalis and are able to adapt and leverage next-generation technology underpinning advanced cyber defences, will be better prepared to grow sustainably in a digital post-pandemic world.

Keep in mind that technology and the security controls it enables do not inherently offer protection; cyber resilience requires a holistic and proactive approach, owned at the highest levels of an organisation.

With data classified and risks assessed relative to the specific business, T-Systems can advise on the appropriate controls and supporting technology to be deployed.

Lead from the top

• For security to be effective, the leadership team must support and sponsor all initiatives, demonstrating to the organisation the importance of strong cybersecurity practices;
• A board member should be accountable for ensuring the security of the organisation — this could be a chief information risk officer or chief information security officer; and
• Employee cyber education is imperative, and should be entrenched in standard operating policies and training throughout the year.

Understand the risks

Fundamentally, we need to know what we are trying to protect — our corporate IP (for example, for an oil company this would be geological data, refinement processes, etc). Thereafter, the risk to this IP can be determined, whether from external attack or insider threat, in all its guises. This helps to determine a defensive value, or the consequence of a loss of this IP — and the size of the security budget can be determined.

Assess the present defences

• What is the maturity of our current cybersecurity defence? Do the pieces interact without issue, or do we have a number of different vendor solutions operating in isolation?;
• What is the perceived effectiveness of current defences: unless you regularly test the defences, this is probably an unknown. If you are operating discrete vendor solutions, chances are the effectiveness is low; and
• This analysis shows a clear picture of the current security defence landscape, and where the gaps are.

Devise a holistic strategy

With the current landscape understood, a risk assessment can be built to determine where investment is needed. This allows the construction of a holistic and cohesive security strategy with all elements interacting to provide true threat intelligence and response. This all starts with a simple journey to understand whether the current organisational defences are effective.

Cyber resilience is much more than a defensive strategy and requires earlier detection and rapid response in the event of a breach. In a data-driven digital economy, with cyberthreats increasing both in frequency and sophistication, SA is no exception and definitely not immune.

The lockdown resulted in more employees working remotely using less secure devices and networks, worsening the already significant threat. This is likely to become the new normal and while the initial focus was on access and productivity, we now have to address long-term sustainability and security aspects.

Next-generation technology such as security orchestration automation and response, artificial intelligence (AI) and advanced threat-hunting can greatly assist, but less than 15% of corporations in SA has this deployed.

T-Systems has operated a security operation centre in SA since 2010, offering advanced cyberdefence services, using the latest technology that integrates AI, orchestration, automation and threat-hunting capability.

The centre forms part of its managed cyber defence services that consists of:

• SOC/SIEM, testing and vulnerability scanning services;
• network security;
• application and cloud security;
• endpoint security, identity and access management; and
• IoT and industrial control systems security.

For more information, e-mail communications specialist Thamsanqa Malinga on Thami.Malinga@t-systems.co.za, call 011-254-7400/083-301-7878 or visit the T-Systems website.

This article was paid for by T-Systems SA.