Holistic approaches, Zero Trust needed to mitigate growing cyber risk

In the face of soaring cyber crime, organisations need to be taking more proactive, holistic approaches to security, with managed security services and Zero Trust becoming increasingly important to support business resilience.

This emerged during a webinar on Enabling business resilience, hosted by Gijima with ITWeb this week. Lukas van der Merwe, cyber security expert and specialist security sales executive at Gijima, said resilience - the capacity to recover quickly from difficulties – was crucial for business today, and cyber crime was a serious threat to resilience.

“The threat landscape is continuously evolving, and the rate of change has accelerated over the past two years. In our engagements, we have observed continued accelerated digital transformation through 2021, and this rate of change will present challenges for security,” he said.

“This means a holistic approach to securing data is needed. Beyond prevention, organisations need more visibility and control. Prevention remains important, but in order to be resilient, we need to focus more on detect and respond capabilities. Time is of the essence, and the longer it takes to detect and respond to an attack such as ransomware, the higher the cost of the breach. In the case of ransomware, I believe detection and response should take only minutes,” van der Merwe said.

Polls of webinar participants revealed that 33% had experienced a data breach in the past 24 months, while 27% did not know whether they had. Most participants said they were not well equipped to detect and respond to a breach, with 52% saying they only partially had the ability to do so, 8% saying they did not, and 8% saying they did not know if they did. When asked what they believed would be the top factor to reduce the financial impact of a data breach, 50% said managed security services, while 17% said encryption, 14% said an AI platform, 10% said incident response testing and 7% said cyber insurance. Sheldon Hand, Security Business Unit Leader at IBM Southern Africa, said: “Response and recovery is becoming more important than protection. IBM Security’s mission is to help customers identify and protect what’s critical to business. You can’t save everything, so organisations must identify critical systems and data first, and put in controls to protect that.”

Hand said: “Budget and resources are always a challenge, along with massive digital transformation, a move to remote workforces, the shift to hybrid cloud, growing regulatory and privacy demands, and evolving cyber threats.” In addition, organisations are giving more and more access to information to stakeholders connecting from multiple devices, he noted.

“Traditional approaches to security can’t keep pace with the changes,” he said. “A challenge is that most organisations don’t even know they have been breached until they find their information on the dark web. It takes an average of 252 days to detect and contain a breach globally, and in South Africa, it takes 228 days to detect and contain a breach.”

Hand said ransomware had become a particular challenge, affecting many small and midsized companies that did not have the resources to put in the right controls. “We see those organisations are often hit multiple times, because criminals know they will typically pay up because they don’t have any choice,” he said. “It has become very difficult for security professionals to not only keep the lights on, but also to protect the future in a changing organisation. Security is an iterative process and you never arrive at a destination. It needs governance and a continuous improvement cycle,” Hand said.

“IBM believes you have to have a plan: a modern Zero Trust approach to advance the business. With Zero Trust you establish least privilege, verify continuously and assume the worst,” Hand said. He said a Zero Trust approach to security delivers real business outcomes such as faster cloud adoption, more productive employees, improved business continuity, and enhanced trust and customer experience - adding that organisations with the most mature zero trust capabilities derive the greatest business and security benefits from their approach, enjoying reduced expenditure, more return on their cloud investments and an ability to invest more in upskilling their cybersecurity resources.

The IBM Security Shield is an open and unified approach to Zero Trust that puts security everywhere, allowing organisations to align security strategy with the business; protect identities, data, apps, endpoint and cloud; manage defences against growing threats; and modernise the security architecture. IBM’s Cloud Pak for Security is an open platform to accelerate the journey to Zero Trust, with a set of platform services that integrate with existing solutions to stitch together complex security tooling landscapes. It enables organisations to respond faster to security incidents with AI and automation built in. Hand noted that IBM is working on future security with a focus on addressing weaknesses in AI systems and infusing AI and machine learning into tools; as well as the potential for Blockchain in security – for example using a federated platform for anonymous sharing of threat data; quantum-safe cryptography with lattice cryptography to protect organisations from quantum-enabled hackers; and securing the ‘World of Things’ with cryptographic algorithms and protocols and key management to enable end-to-end IoT security. He also noted the news that IBM has announced its intention to acquire ReaQta, which would ensure IBM delivers security with an open approach that extends across disparate tools, data and hybrid cloud environments. ReaQta's endpoint security solutions are designed to leverage AI to automatically identify and manage threats and this acquisition will expand IBM's endpoint detection and response capabilities and enable it to provide a full-stack extended detection and response (XDR) platform.

Van der Merwe highlighted the Gijima Advanced Cyber Defence managed security service, which delivers a complete and holistic security service offering to enable business resilience, with customers only paying for what they need. “There is no need for organisations to attempt to build advanced protect, detect and response capabilities on their own – MSSPs do that for them,” he said.

Listen to the webinar recording here.