Most local company directors incorrectly fear the regulatory backlash of cyber attacks as the Protection of Personal Information (POPI) Act, and the Payment Card Industry Data Security Standard, come on stream.
According to Rudolph van Rooyen, pre-sales security consultant at Axiz's Advanced Technologies division, they face a far greater challenge in the reputational damage they'll suffer considering most businesses take about 10 months to go from a breach to successful resolution.
He says the majority of organisations aren't even aware for up to the first 200 days that they've been breached. Even when they do discover the attack, there's often little they can do about it.
"They don't have the skills, so it's taking them 70 to 80 days to coordinate their response. By then it's too late. Forget the R10 million fine everyone's afraid of from POPI - in those 70 to 80 days, or worse, the 200 days prior when they're still unaware, their reputations could be destroyed and their businesses along with it."
A complex environment
Van Rooyen says cyber security is highly complex, particularly in an era dominated by rampant digital disruption, rapidly advancing technologies, ubiquitous connectivity, billions of Internet of things devices, connected utilities, and billions of mobile devices.
Due to this complexity and sophistication, he says organisations need to layer security as firewalls, gateway defences, and anti-virus by themselves are insufficient. Perimeter defences, endpoint security, and intelligence are needed to gauge what the threat vectors are and manage advanced attacks. He says human interventions must be minimised as they are still the weakest link.
Van Rooyen says a layered security approach minimises the risks for enterprises. Organisations must assess the scope of risk, and understand where they are vulnerable. Mobile devices, networks, and the cloud are ubiquitous. Businesses can lose IP inadvertently stored in a service like Dropbox, or an employee could pick up ransomware by using an unsecured or public WiFi network without adequate security on their device.
"Automated deployments and monitoring limit human interventions and ensure consistency of service. Health checks improve the surety of knowing that post-implementation changes do not inadvertently expose businesses or create opportunities for hackers to exploit. And it keeps an eye on the remaining top threat: social engineering, usually delivered via e-mail these days, that gets people to click an attachment or link."
Robust policy with intelligent software can protect businesses from malware, ransomware and other advanced threat vectors, he adds.
Database activity monitoring is also crucial. It analyses the vulnerabilities in the database so it highlights issues, such as where an administrator may not have followed best practice, where there are weak passwords to defeat brute force attacks, and it can protect against SQL injection.
He says data loss prevention is another issue. Many organisations are unaware where all of their data sits, due to factors such as cloud technologies and flash drives. Good security solutions automatically discover where the data sits and can be used to identify mission-critical and all other data classifications. Then the right policies and permissions can be established, and the flow of data controlled, whether on, or off premise.
"That layered approach gives businesses a solid foundation that sets the baseline for their modern security needs," he says. "It's already more advanced than what most businesses actually have today. So putting that foundation in place also makes it easier for hackers to try hack someone else's systems."