Businesses change and grow every day – as do the environments in which they operate, the constraints on their budgets and the threats they face. This is particularly true when it comes to cyber crime, which has the potential to be one of the most costly line items on a business’s balance sheet if it’s not properly addressed.

The most common cyber threats in South Africa are related to financially motivated cyber crime, such as crypto mining carried out by self-spreading malware, or by coin-miner modules dropped by malware. These may sound complex, as if they belong in a different world to South Africa, but the digital world is global and pays no attention to man-made borders.

Along with ‘living off the land binaries’ that lurk in the background harvesting data, these cyber attacks mostly end up in a network or system when a user downloads a ‘cracked’ version of legitimate software, or downloads something that looks like the software they intended but is actually cleverly disguised malware.

Carlo Bolzonello, South Africa country lead for Trellix.

These clever disguises are what make them so lethal in a business context, because many of them look like the tools that system administrators themselves would use. While some types of malware just lurk in the background and possibly harvest personal data such as banking details or corporates’ competitive information, others have a far more instant effect.

For example, we recently came across Russian-origin disk-wiper malware that sat quietly in the background, undetected by its host’s cyber security system. Once activated, that malware effectively destroyed everything on its host computer in 15 seconds – including its operating system and all data.

It’s true that new threats emerge every day, and many South African organisations that have prioritised the purchase of cyber security systems have chosen their solutions according to the specific types of threats that they are most concerned about. This can be a costly exercise, not only in terms of the spend on the solutions, but also in terms of the skills and human resources needed to manage them effectively.

Compared to its global counterparts, South Africa’s banking sector is extremely advanced and competitive, making it a target for industrial espionage, data theft and identity theft, among others.

Our utilities sector is vulnerable to attack, particularly to ransomware. Imagine the consequences if it were to fall victim to the malware that destroys computers in 15 seconds – the whole country would be plunged into darkness!

In addition to there being just one electricity utility that generates most of our energy, each metropole has its own organisations that re-sell electricity and water to their residents, each with its own deep databases that hold customers’ personal and financial information, making them prime targets for cyber criminals.

In the media sector, media platforms are vulnerable to cyber criminals who want to gather data about their readers or use their platforms to spread malicious content.

These are all real challenges faced by organisations that have to keep tight controls on budgets in a cash-strapped environment – and that simply can’t afford capital expenditure on new cyber security interventions every time there’s a new threat on the horizon, or in their inbox.

This is where an extended detection and response (XDR) cyber security architecture comes in. Using machine learning and automation that evolve and develop just as fast as cyber security threats do, it gives organisations a holistic view of their cyber security status, along with the tools they need to respond quickly when a threat is identified.

For example, the Trellix XDR platform offers tools that span security information and management; security orchestration, automation, and response; and user and entity (business) behaviour analytics.

This approach to ‘living security’ means that organisations have a greater level of resilience to threats – without having to expand their internal cyber security teams. Because companies and their IT systems are living, constantly evolving environments, XDR makes it easier to manage cyber security and to respond quickly and effectively to threats before they cost businesses money – in hard costs, opportunities and reputational damage.

Another key advantage of adopting an XDR approach is that it is open and integrated, and can leverage the tools that an organisation already has in place. That’s why we engage with each client to understand the maturity of their cyber security infrastructure. After that, we work with them to deliver tangible tools and opportunities to leverage the best possible protection, while still honouring the contracts and commitments they have in place with other security providers.