Surveying the South African cybersecurity landscape

Roy Alves

The business landscape is being reshaped by the process of digital transformation, which affects every sector, industry and organisations of all sizes. While this process is enabling companies to strategically employ technology to capitalise on new business opportunities, become more efficient, and empower their staff to be more productive, it is also creating new threats to businesses in the form of cybersecurity risks.

According to the Allianz Risk Barometer Report 2017, which identifies the most prominent threats for businesses, 38% of respondents listed cyber incidents as a top threat for South African businesses. This is not surprising since South Africa has the third highest number of cybercrime victims worldwide according to the report, with the country losing billions of Rand annually through cybercrime. Moreover, the country is experiencing more cyber-attacks compared to its counterparts on the African continent.

The report also noted the occurrence of cyber incidents such as WannaCry and Petya ransomware attacks, which brought significant financial losses to a large number of businesses. Another risk factor for South African businesses is the potential chaos that so-called ‘cyber hurricane’ events could unleash. During this type of attack, which is predicted to increase in frequency this year, hackers disrupt larger numbers of companies through targeting of their common infrastructure dependencies.

Companies with strong, hardened network paired with policies, processes, and people all proactively monitoring and responding to cyber threats and aligned with your organisation’s stated cybersecurity goals will be in great shape to avoid these kinds of cyber perils.

Businesses that don’t have this in place needs to consider taking the proper measures to avoid undergoing a cybersecurity crisis, as a network with poorly implemented security is very attractive to hackers and in many cases will lead to an accelerated spreading of viruses, malware and other cyber threats.

Assess and evaluate security

To assist with this, cybermature companies recommend a novel approach to cybersecurity. It involves organisations placing independent firewalls around small clusters of servers or userless computers in addition to the firewall around their entire network. In this way, if someone breaks into one cluster of servers, they will not be able to move laterally to access the entire network.

Additional steps may help you counter cybersecurity threats. The first of these is assessing security and evaluating the trustworthiness of users and devices is also important. As cybersecurity is becoming more dynamic, businesses are increasingly assessing security based on circumstantial factors. Depending on where you are, for example, your computer can be considered more or less at risk.

Trustworthiness varies with time and depends on what we know about the device and the user. For example, if the device does not have the latest patches, its trust decreases. If the user exhibits strange behaviour, such as logging in from London and then from Melbourne within a physically impossible timespan, their trust drops. If the trustworthiness of your devices declines, you will have access to fewer resources. Trust can be lost quickly and is often regained slowly.

To aid in this risk assessment process, resources are ranked in relation to the level of trust they require for someone to access them. In some cases, proprietary or sensitive resources require greater trust while, in other cases, how integrated these resources are with the entire network may require more trust. Furthermore, untrustworthy devices are now being isolated with micro-firewalls. Untrustworthy devices include those that were made by countries whose government are considered to be geo-strategic rivals of our liberal democracies.

Build a network of trust

The next step is to establish networks of trust. Security is all about building a network of trust. When it comes to putting devices on your network, each organisation must ask serious questions about whether or not the manufacturer and the business installing the device are trustworthy.

A good analogy to illustrate this is boarding an airplane. When security asks if you packed your bag yourself, the best answer is: “Yes, I packed my bag myself.” A not-so-good answer is: “Actually, it was my spouse who packed my bag.” In this case, the rest of us have to hope that your spouse loves you. But the really bad answer is: “No, my neighbour who is on the federal watch list packed my bag.”

It’s the same thing when someone wants to put a device on your network. You should ask: “Did you write the software yourself?” Generally speaking, the answer is: “No.” Then, you ask whether you know the person or people who wrote the software for this device. And, if the answer is “yes,” and it was written by a military/government agency of a geo-strategic rival of your government, then you should think twice about putting the device on your network.

Security is everyone’s responsibility. The goal of a company should be to not only implement security strategies for themselves, but to be cognisant of the “bono pastore” (meaning good shepherd) principle: We must protect the network.

The Internet is a precious resource, and, if we carelessly put devices on our network that cause a denial of services or worse for other Internet users, we are guilty of cyber-negligence. We should be working to improve the whole environment, by making networks and organisations more secure.

When we understand that we have a fiduciary responsibility to protect the Internet, which is as critical as our responsibility to keep the air breathable and water drinkable, we will make the Internet a more pleasant and safer place to live and work.