With COVID-19 and remote working, transformative change looms for cybersecurity in South Africa, writes Lukas van der Merwe, Specialist Sales Executive: Security, T-Systems South Africa. However, there is a risk that many organisations may be left behind in a caterpillar-like approach, while others could remain in the pupal state, overwhelmed by the complexity of the challenge.
Those that emerge from the chrysalis and can adapt to and leverage the new cybersecurity landscape will be better prepared to grow sustainably in an increasingly digital world. As we navigate 2020, with the COVID-19 outbreak, lockdowns and their effect on business operations, we must accept that cyber threats are increasing in sophistication and frequency, that the attack surface of companies has expanded far beyond the traditional enterprise perimeter, and that cybercriminals are resourceful, professional, persistent and well-funded.
IT has evolved to be more digital, and disruptive change is now the norm. Cyberattacks now regularly bring businesses to a standstill in South Africa and globally.
Against this backdrop, modern cybersecurity must become integrated at every business level. It needs to evolve into a pervasive and active presence, ensuring operations and data integrity are not disrupted, as it is vital that IPs remain confidential and customer privacy is protected in accordance with regulations.
Connected devices on the rise
In a digital world, with billions of people and even more devices connected to the internet via private, public and corporate networks, cybersecurity has become a priority concern. This is because the frequency and sophistication of attacks are increasing exponentially year on year, and an attack or breach is inevitable. WeeTracker recently reported that hackers, taking advantage of the COVID-19 pandemic and the consequent lockdown and remote working, attacked up to 310,000 devices during the one-week period of 15-21 March, far outstripping the weekly average of 20,000 to 30,000.
As highlighted by IBM’s 2019 Cost of a Data Breach Report, conducted by the Ponemon Institute, the key contributing factor to the cost of a data breach is time: time to detect and time to respond. Protection, while vitally important, is not enough. More focus should be placed on an organisation’s resilience after an attack or breach. According to this report, data breach remediation takes on average 231 days in South Africa, of which 175 days represent the time to identify and 56 days the time to contain.
Advanced Cyber Defence enabled by Security Orchestration, Automation and Response (SOAR) technology, combined with Artificial Intelligence, offers organisations an opportunity to detect and respond much faster, limiting the extent and the cost of a breach.
According to Gartner, a mere 15% of South African organisations will use SOAR technology in 2020. For some, the shortage of skills is prohibitive, and for many it is the associated costs. However, SOAR technology could reduce the extent and cost of cyber events exponentially, turning weeks or months into hours or even minutes.
Security automation saves costs
Organisations that had not deployed security automation experienced breach costs that were 95% higher than breaches at organisations with fully deployed automation ($5.16 million without automation vs $2.65 million for fully-deployed automation), according to the IBM report.
In terms of cyber security, this represents a difference in financial risk of millions versus thousands of rands. For example, a local organisation suffered a ransomware infection that caused 3.5 weeks of production outage in 2019. A few changes in policy and an injection of technology would have reduced the impact to hours or even minutes.
Cyber security technology is evolving continuously, but simply installing more technology in the absence of holistic corporate risk and data management does not improve resilience. Technology should simply enable an organisation’s policies that support processes and governance.
Being more agile and innovative in assessing risks is an opportunity to increase cyber resilience. The traditional approach of point-in-time or annual cyber security assessments should not be the standard mode of operating.