Cyberattacks can take years to recover from, but most businesses aren’t doing enough to protect themselves. We have to move away from thinking that protection, detection and response is enough, writes Tony Walt and Mauritz Grobler at Dimension Data.
Many South African organisations have already suffered from cyber-related compromises, especially with the chaos caused by COVID-19. This has a crippling effect on businesses, particularly at a time when the economy is contracting and business confidence is low. Unfortunately, these attacks will likely increase in severity and intensity. Traditionally, insurance, finance and retail were among the most targeted industries. But with the pandemic sweeping across the globe, industries like healthcare and education are becoming increasingly attractive to threat actors, too.
It’s not by chance that global healthcare facilities were targeted as early as January 2020, especially in countries reporting an increase in COVID-19 infection levels. The NTT 2020 Global Threat Intelligence Report (GTIR) shows how the pandemic has spurred a marked increase in phishing campaigns and malware infrastructures like Trickbot and Lokibot. By leveraging COVID-19, these attacks play on our fear and uncertainty under the guise of offering helpful information from official sources like the World Health Organization. We should not be ignorant: this is what cyber-attackers do, finding any available advantage to gain an entrypoint into an organisation.
These risks have risen across all industries. As the global lockdown shifts the world of work and more people do their jobs remotely, businesses face new structural and operational threats. Most networks aren’t designed to support mass decentralisation – they’re built for workforces who sit in offices, protected by a network perimeter that no longer exists. And businesses often aren’t set up for monitoring and patching remote systems. It’s not enough to implement a VPN and hope for the best, because phishing attacks target the end user and companies tend to lack the required controls to secure a user’s identity and prevent lateral movement in the destination network.
Our new work-from-home world means that access policies and protocols need to be overhauled to enable more secure collaboration and connectivity. The network no longer ends at the door, so businesses need additional controls, contextually chosen, with a specific focus on email, web applications and the implementation of a zero-trust architecture. They need to ensure they’re giving a user the least amount of access privilege possible. The door should be open just enough for a user to use what they need, without putting any adjacent systems at risk.
COVID-19 at the very least unmasked the fact that many IT policies lacked due diligence and could only manage a short-term, temporary disruption of operations. Our lockdowns have been longer and more onerous than we thought, and our risks are only increasing in an environment where businesses rely more than ever on web applications to continue trading in a time of physical distancing.
So, what do we need to do?
Start by formulating a refreshed, risk-based approach to your digital assets, one where your information security programme is designed around identified risk areas rather than throwing everything you have against everything you own. If you can understand your risk and measure the effectiveness of your controls, you can secure your systems without blowing your budget.
Then, educate your users. As we’ve said, cyber-attackers thrive on uncertainty. If your employees don’t understand your IT protocols or what suspicious activity looks like, they’re more likely to be compromised.
Finally, let’s talk about response, which is arguably the most robust way to be prepared in the digital age. The 2020 Global Threat Intelligence Report shows us that it’s not enough for businesses to simply react to security incidents. Reactive security spending dilutes the overall value of a solution, because it doesn’t tie data into intelligence. In other words, if you’re going to be attacked, at least have the data, framework and context to understand the where, what and why of your vulnerabilities. Then you can respond meaningfully and protect yourself better in the future.
Businesses need the ability to anticipate and prevent cyber-attacks in every aspect of their operations. It makes no strategic sense to think of a business team and a security team as siloed entities. There are no islands in cybercrime – we’re connected because our risks are connected. It is one of the reasons we recently moved towards a “One Dimension Data” operating model. By bringing our businesses together, we’re able to architect solutions across what was seen as traditional product distinctions such as infrastructure, customer experience, the workplace, business applications and security.
One needs to uphold the principle of secure by design to ensure you don’t become another statistic.
Tony Walt is the Managing Executive for Dimension Data Security.
Mauritz Grobler is the National Product Manager for Dimension Data Security.
This post and content is sponsored, written and provided by Dimension Data.