South African firms don’t take threats seriously enough, writes Graham Croock, director of BDO IT Advisory and Cyber Lab.
On a recent visit to BDO in Norway, it struck me that many South African-based businesses and organisations are increasingly exposed to cyber threats and vulnerabilities of which they are blissfully unaware. There is no doubt that we currently find ourselves in an age where highly technical targeted cyber-attacks are the order of the day – and I don’t think South African executives take these threats seriously enough.
The question board members, CEOs, CFOs and COOs should be asking is not “if” their company has been breached, or even “when”. Having seen the level of sophistication associated with the attack vectors and methodologies, I have no doubt that most South African businesses must now accept that it has already happened to them.
The real issues which must now be addressed at board meetings deal with the capability of the business to timeously detect and deal with the inevitable attacks. Two key issues need to be considered when dealing with the current cyber threats:
* Appropriate design and implementation of cyber security defence systems; and
* The capability to detect and respond to IT security threats and breaches with appropriate levels of depth.
The core feature of SOC (Security Operations Centre)/SIEM (Security Information and Event Management)/CERT (Computer Emergency Response Team) technologies is the ability to gather security data from all of the critical assets residing on the business’s network and to present that data as actionable information via a single interface. This provides a vast array of benefits by allowing the security teams to gain a complete understanding of the IT assets’ security status, prioritise security incidents, and demonstrate compliance with regulations much more efficiently.
My experience with South African company management has highlighted an extent of blissful arrogance associated with a lack of understanding of the current threats. It is interesting to examine the behaviour of a CEO delivering an address to the press following an attack and breach. The core issues are seldom addressed and CEOs often skirt around the issues.
The European Union took a step forward on 15 June 2018 in establishing a new bloc-wide cybersecurity agency and enacting a new certification framework that advocates say will create a food label-type standard promising a level of data security on products such as connected cars and smart medical devices.
At a meeting in Luxembourg, the European Commission’s Telecommunications Council agreed on a “general approach” to a proposed law that would establish an EU Cybersecurity Agency to help member states respond to cyber threats. The Cybersecurity Act would also create a process for connected devices EU-wide to obtain safety certifications similar to food labels. The meeting paved the way for the law to be finalised by the end of 2018 after negotiations with the European Parliament, the commission said.
The new cybersecurity agency, revealed by European Commission President Jean-Claude Juncker in his annual State of the Union Address in September 2017, would be established out of the existing European Agency for Network and Information Security (ENISA). The agency plans to organise annual EU-wide cybersecurity exercises and put in place channels to share information on cyber threats throughout the EU.
As threats continue to evolve, so too must the processes around leading technologies in order to provide a business-focused SIEM/SOC managed mitigation service that will evolve with an organisation’s needs and the constantly changing cyber threat landscape.
It is time for South African executives and government officials to follow the example of the EU in strengthening South African businesses’ and government’s cybersecurity.