City held to ransom: how to safeguard your network from attack
Holistic solution suite and ongoing updates and maintenance required, says Networks Unlimited Africa
In the wake of last week’s City Power ransomware attack, ongoing vigilance, maintenance of systems and a holistic approach to security remain vital for critical infrastructure entities. This is according to Stefan van de Giessen, general manager: cybersecurity at value-added distributor Networks Unlimited Africa.
Van de Giessen says: “Security needs to have a layered approach, ensuring each level is protected with effective technology. A systematic, unified, layered posture ensures all attack vectors are covered. An effective IT security ecosystem involves the holistic consolidation of tools and intelligence, and analytics should feature strongly in the technology deployed to protect the network.
“Building a next-generation security solution should include various products that complement each other, starting with perimeter protection, an endpoint solution and a secure e-mail solution. Having these three is a vital start to your security posture. Once your baseline is established, we need to look at how we protect against unknown threats, encryption of your data and ultimately deploy decoys in your network to lure hackers off your network. We advise adopting a phased approach to developing a layered posture due to cost and the complexity of management.”
Van de Giessen outlines this phased approach as follows:
- Investing in a next-gen firewall (NGFW), next-gen anti-virus (NGAV) with EDR capabilities and a secure e-mail solution is critical in securing against the most prevalent attacks. It is vital to make sure, when choosing your vendor of choice, that they have been tested by third parties such as Gartner and NSS Labs to ensure security effectiveness.
- Protecting your applications that are Internet-facing and transacting with customers online: a Web application firewall (WAF) and a secure payment gateway will ensure these applications and Web sites are protected, and comply with PCI, POPIA and GDPR requirements, irrespective of whether these are on-premises or in the cloud. Onsite and offsite backups are best practice.
- User education and training are essential in making sure that employees are able to recognise and respond accordingly to suspicious and malicious activity. This also means any threats that bypass security measures are picked up at the last line of defence.
- Having an advanced threat protection (ATP) strategy has become necessary as malware and threats are evolving constantly, making it hard to rely on a known signature alone. The need to include an ATP product in your security structure is now more relevant than ever to ensure we can stop zero-day attacks.
“It is never easy for an organisation to admit to a cyber security breach and we applaud City Power for its honesty in owning up to the reason for their systems outages, as well as for not paying the ransom demanded by the threat actors. At the same time, it should be noted that in being transparent, the organisation also acted according to compliance principles as outlined by the European Union’s General Data Protection Regulation (GDPR) and South Africa’s Protection of Personal Information Act (POPIA).
“The phased security posture advice outlined above applies to on-premises, cloud and hybrid environments. Additionally, device, operating system, software and policy updates should be carried out regularly and stringently to ensure no vulnerabilities can be exploited,” concludes Van de Giessen.