Johannesburg, 07 Sep 2023
In the ever-evolving landscape of cyber security, it's evident that we're no longer facing the hackers of yesteryear, but a formidable breed of modern adversaries. As the Head of Cyber Security at NEC XON, I've witnessed the transformation from hooded hackers to a sophisticated dark economy that poses unprecedented threats and is run like a business. The question isn't whether you have security measures in place, but rather where your vulnerabilities lie.
Today's adversaries demand a disruptive and ruthless response, or businesses risk severe consequences. A recent incident involving the South African Department of Defence serves as a chilling reminder, where a ransomware group publicly flaunted stolen data as proof of their capability. When signs of a threat actor emerge, defenders must act decisively. To counter these threats effectively, organisations need to adopt a multi-faceted approach. Here are six high-level steps (based on my daily experience as a cyber security leader helping large organisations) to bolster your cyber defences:
1. Create risk-based cyber security awareness: In an era of advanced security solutions, adversaries seek the path of least resistance. Unfortunately, that often leads them to exploit the human factor. The weakest link and biggest attack vector in your defence chain is your workforce. Different departments require varying levels of training due to their interactions with potentially untrusted external parties. Finance, procurement, sales, legal, logistics, PR and marketing teams are all susceptible to social engineering. IT personnel, holding elevated privileges over critical business systems, demand even more intensive training.
2. Reduce perimeters: Threat actors are adept at pinpointing weak entry points. By reducing your perimeter and minimising internet-facing systems, you inherently limit their attack surface. Regular hygiene controls and stringent measures can make infiltration costly and complex. Defenders regain control by focusing on making it exceedingly difficult for adversaries to breach their defences. The age-old concept of massive walls and gates in cyber security still holds value, but modern adversaries seek to steal the remote rather than breach the gates – it’s much easier to get in that way.
3. Extend multi-factor authentication across your estate: Multi-factor authentication (MFA) is an indispensable tool that must be extended to all applications, regardless of their location (cloud or on-premises). This strategy thwarts cyber attacks even after unauthorised access is obtained. MFA not only restricts movement within your IT estate but also enhances the ability to detect intrusions. Suspicious activity can be flagged early, offering defenders an upper hand.
4. Use endpoint detection and response (EDR): The age of sophisticated administration by modern adversaries demands a shift from traditional malware-focused detection to anomaly and behaviour-based approaches. EDR solutions detect anomalies in asset behaviour and alert cyber security teams promptly. Adversaries often mimic legitimate user actions, rendering standard detection measures inadequate. Behaviour-based detection detects abnormalities beyond malicious software, expediting response times.
5. Implement a multi-faceted privileged access strategy: Privilege-based access limits the blast radius in case of a breach. By closely monitoring and sealing unauthorised pathways, you confine them to a controlled environment. Role-based access significantly hampers their movement, as each identity is restricted to systems relevant to their function. Even if an adversary gains access, their ability to navigate and cause damage is severely restricted.
6. Deploy a defence-in-depth architecture: A robust defence-in-depth architecture establishes a symbiotic relationship between prevention, detection and response. An attacker bypassing a specific prevention measure doesn't equate to successful compromise. Effective detection and swift response can mitigate the impact. This approach also reduces the blast radius of an attack and limits communication between the threat actor and compromised machines.
In summary, cyber security is fundamentally about risk management. As demonstrated by a recent incident involving Uber, overlooking even a single aspect, such as internal multi-factor authentication, can result in severe consequences.
The dynamic nature of threats necessitates continuous strategy refinement. While building a robust perimeter is crucial, understanding the modern adversary is equally vital. Their goal is not to breach your defences, but to silently steal the keys to your kingdom. Incorporating these strategies fortifies your defences by narrowing attack vectors, bolstering employee awareness and establishing responsive measures. In the world of cyber security, it's not a matter of if but when an attack will occur. The key lies in being prepared and resilient in the face of adversity.
NEC XON is a leading African integrator of ICT solutions and part of NEC, a global Japanese firm. The company has operated in Africa since 1963 and delivers communications, energy, safety, security, and digital solutions. It co-creates social value through innovation to help overcome serious societal challenges. The organisation operates in 54 African countries and has a footprint in 16 of them. Regional headquarters are located in South, East, and West Africa. NEC XON is a level 1-certified broad-based black economic empowerment (B-BBEE) business. Learn more at www.nec.xon.co.za.