• Home
  • /
  • Malware
  • /
  • Cyber security is business issue not technical one

Cyber security is business issue not technical one

Companies need to define the business problem of a possible cyber security breach, and recognise the need for multiple layers of defence.
Ethan Searle
By Ethan Searle, Business development director, LanDynamix.
Johannesburg, 27 Jul 2023
Ethan Searle, business development executive, LanDynamix.
Ethan Searle, business development executive, LanDynamix.

Cyber crime's annual impact on SA is estimated at R2.2 billion, according to an ITWeb article. We are said to be the eighth most targeted country in the world for ransomware, with more than half of South African firms impacted by ransomware in the past year.

The same article reveals cyber crime has been marked as one of the biggest risks for businesses in the country for the year, noting that businesses plan to spend 22% more on cyber security in the next three years. 

The actual issue is not how much more businesses should be budgeting for security upgrades, but rather how should they go about calculating what that spend should be.

Too many companies have an outdated approach to security and tackle the subject from a defensive position − trying to justify to financial and operational stakeholders the increased spending on new measures by expanding on the technologies needed.

This is not the right approach and will not persuade key stakeholders to part with hard cash. Companies need to shift their thinking to the real business issue and that is how much should they be investing, versus the potential damage of downtime, liability or reputation damage.

In the past, security was approached from the physical perspective of firewalls, patching, etc. WannaCry changed that.

Over a four-day period in 2017, the world experienced one of the biggest cyber attacks to date. It was later attributed to North Korea by the United States and several other countries.

Too many companies have an outdated approach to security and tackle the subject from a defensive position.

Within 24 hours, the WannaCry malware − a self-propagating and self-replicating ransomware cryptoworm − infected over 200 000 systems across 150 different countries and eventually caused estimated global damage of $4 billion, mainly from business interruption costs.

One would think WannaCry would have changed the fundamental approach to cyber security, but it hasn't. All too often, business owners or C-suite executives do not approach the issue as a business problem.

A modern approach to cyber security is proactive, multi-layered and an adaptive one that considers the evolving threat landscape and the increasing sophistication of cyber attacks.

An outdated approach to cyber security typically involves relying on traditional, reactive measures that are no longer sufficient in today's evolving threat landscape. These approaches are often characterised by a perimeter-based mindset and a reactive stance towards security incidents. These are some examples of an outdated approach:

Perimeter-focused defence is an outdated approach that emphasises fortifying the network perimeter with firewalls and intrusion detection systems. This approach assumes the network can be completely secured by keeping threats outside. However, with the rise of cloud services, mobile devices, artificial intelligence (AI) and remote work, the traditional network perimeter has become more porous and difficult to define.

Traditional anti-virus software relies heavily on signature-based detection, which involves matching known patterns of malware. This method struggles to detect new and sophisticated forms of malware that may use polymorphic or zero-day techniques.

Outdated approaches tend to be reactive rather than proactive, with organisations primarily focusing on incident response after an attack has occurred, rather than actively seeking to identify vulnerabilities and threats proactively.

In an outdated approach, user education and awareness are often overlooked. Training programmes for employees may be insufficient, resulting in a lack of awareness about potential risks, such as social engineering attacks or phishing attempts.

Companies need to define the business problem of a possible breach − what will it do to their business? Will it shut them down − even briefly − and what are the implications of that shutdown? Financial, reputational − both? Banks and retailers fall into the transactional category − downtime to them is business shutdown with incalculable losses.

Well-defined disaster recovery strategies are essential for all businesses, but particularly for transactional companies − they simply cannot go down for any sustained period. Shutdowns also carry reputational damage, loss of trust and erosion of competitive advantage, to name some of the consequences.

A modern approach to cyber security embraces proactive and holistic strategies to mitigate risks and protect digital assets. Here are some features of a modern approach:

A modern approach recognises the need for multiple layers of defence beyond the network perimeter. This includes technologies like network segmentation, zero-trust architecture and endpoint protection. It focuses on protecting critical assets at various levels and implementing security measures throughout the entire infrastructure.

Today, cyber security solutions employ advanced techniques like behavioural analytics, AI and machine learning to detect anomalies and identify potential threats. This approach enables the detection of previously unseen and zero-day attacks based on behavioural patterns, rather than relying solely on known signatures.

Rather than waiting for incidents to occur, modern organisations need to actively search for threats within their network environment. This involves continuous monitoring, threat intelligence analysis and proactive searching for indicators of compromise.

A modern approach to the issue also prioritises ongoing user education and awareness programmes. Organisations must conduct regular cyber security training to help employees understand common attack vectors, recognise phishing attempts and adopt secure practices. This helps create a security-conscious culture and empowers individuals to be active defenders against threats.

Finally, a modern approach is one that emphasises proactive incident response planning and preparation. Companies must develop and regularly test incident response plans, conduct tabletop exercises, and establish communication channels to ensure a coordinated and efficient response to security incidents.

In my next article, I will outline a solid business approach to the issue of cyber security.