On a recent visit to BDO in Norway, it struck me that many South African-based businesses and organisations are increasingly exposed to cyber threats and vulnerabilities of which they are blissfully unaware.
There is no doubt that we currently find ourselves in an age where highly technical targeted cyber-attacks are the order of the day – and I don’t think executives take this threat seriously enough.
We are experiencing the evolution of the threat landscape, from a relatively small number of signature-based viruses in the 1990s to a significantly larger number of advanced threats in the last five years. This is the result of intensive work by attackers in creating attacks that go undetected by reactive, traditional AV (anti-virus) products. Traditional endpoint protection is only effective against known malware; it is not capable of dealing with attacks that use exploits, fileless malware and other advanced techniques.
The question board members, CEOs, CFOs and COOs should be asking is not whether your company has been breached, or even when. Having seen the level of sophistication associated with the attack vectors and methodologies, I have no doubt that most South African businesses must now accept that it has already happened to them.
The real issues that must now be addressed at board meetings concern the capability of the business to detect and deal with the inevitable attacks in a timely manner.
Two key issues need to be considered when dealing with the current cyber threats:
- Appropriate design and implementation of cyber defence systems
- The capability to detect and respond to IT security threats and breaches with appropriate levels of depth.
Through our strategic partnership with Panda Security, I have seen the new-generation technology developed as a direct response to advanced threats. Solutions like Panda’s Adaptive Defence close the detection gap and harden protection to effectively stop ransomware, APTs and other sophisticated attack types. Adaptive Defence is an EDR (Endpoint Detection and Response) class technology with a differentiated approach: it monitors and classifies all running processes to deliver a 100% attestation service that ensures only trusted applications can execute.
Maintaining a cyber-resilient organisation requires a comprehensive cyber-security strategy that includes not only threat detection but also increased visibility and control, achieved by leveraging threat hunting technology.
The core feature of SOC / SIEM / CERT technologies is the ability to gather security data from all of the critical assets residing on the business’s network and to present that data as actionable information via a single interface. This provides a vast array of benefits by allowing security teams to gain a complete understanding of the IT assets’ security status, prioritise security incidents, and demonstrate compliance with regulations much more efficiently.
Solutions, like Panda Adaptive Defence, help administrators filter the huge volumes of data handled by SIEM systems and focus on what really matters:
- What new programs are being run and are yet to be classified as goodware or malware?
- How did those programs reach the network?
- What suspicious activities are they performing on user devices?
- What legitimate software with known and exploitable vulnerabilities is being used?
- What processes are accessing…
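The questions above are, in practice, filters run over endpoint process telemetry. The following is an added illustration of that filtering and of the default-deny attestation model described earlier; it is not Panda’s code or data model. The events, hashes, behaviour names, catalogue and advisory identifier are all constructed for the example.

```python
"""Endpoint process triage, written as an added illustration of the EDR/SIEM
filtering questions listed above. Data model, hashes, advisory id and behaviour
names are constructed for the example; none of it is Panda's code."""

from collections import Counter
from dataclasses import dataclass, field


@dataclass
class ProcessEvent:
    host: str
    process: str
    sha256: str               # constructed placeholder, not a real hash
    origin: str               # how the binary reached the host
    actions: list = field(default_factory=list)  # observed behaviours
    version: str = ""


# Constructed classification catalogue: anything absent is "unknown",
# i.e. not yet attested as goodware or malware.
CATALOGUE = {
    "sha256:trusted-office": "trusted",
    "sha256:trusted-reader": "trusted",
    "sha256:known-bad": "malware",
}

# Behaviours a defender would treat as suspicious on a user device.
SUSPICIOUS_ACTIONS = {
    "encrypt_user_files", "disable_shadow_copies", "inject_into_process",
}

# Constructed list of legitimate software with a known exploitable flaw:
# (process name, version) -> placeholder advisory id.
VULNERABLE_SOFTWARE = {
    ("readerapp.exe", "9.1"): "ADVISORY-PLACEHOLDER-1",
}

# Constructed telemetry: five process events from three hosts.
EVENTS = [
    ProcessEvent("ws01", "winword.exe", "sha256:trusted-office", "installer", [], "16.0"),
    ProcessEvent("ws01", "invoice.exe", "sha256:unknown-1", "email_attachment",
                 ["encrypt_user_files", "disable_shadow_copies"]),
    ProcessEvent("ws02", "readerapp.exe", "sha256:trusted-reader", "installer", [], "9.1"),
    ProcessEvent("ws02", "update.exe", "sha256:known-bad", "download", ["inject_into_process"]),
    ProcessEvent("ws03", "tool.exe", "sha256:unknown-2", "usb"),
]


def classify(sha256, catalogue=CATALOGUE):
    """Verdict for a binary: trusted, malware, or unknown (unclassified)."""
    return catalogue.get(sha256, "unknown")


def execution_decision(event, catalogue=CATALOGUE):
    """Default-deny attestation: only binaries attested as trusted may run.
    Unknown binaries are blocked as well; that is what closes the gap between
    a binary's first sighting and its classification."""
    return "allow" if classify(event.sha256, catalogue) == "trusted" else "block"


def priority(event, catalogue=CATALOGUE):
    """Higher number = look at this first. Malware outranks unknown, suspicious
    behaviour raises either, and vulnerable-but-trusted software is a lower tier."""
    verdict = classify(event.sha256, catalogue)
    score = {"malware": 3, "unknown": 1}.get(verdict, 0)
    if SUSPICIOUS_ACTIONS.intersection(event.actions):
        score += 2
    if (event.process, event.version) in VULNERABLE_SOFTWARE:
        score += 1
    return score


def triage(events=EVENTS, catalogue=CATALOGUE):
    """Answer the article's questions over a batch of events and rank the work."""
    unclassified = [e for e in events if classify(e.sha256, catalogue) == "unknown"]
    # Arrival vectors of everything that is not attested as trusted.
    vectors = Counter(e.origin for e in events
                      if classify(e.sha256, catalogue) != "trusted")
    suspicious = [e for e in events if SUSPICIOUS_ACTIONS.intersection(e.actions)]
    vulnerable = [(e.host, e.process, e.version, VULNERABLE_SOFTWARE[(e.process, e.version)])
                  for e in events if (e.process, e.version) in VULNERABLE_SOFTWARE]
    ranked = sorted(events, key=lambda e: priority(e, catalogue), reverse=True)
    return {
        "unclassified": [(e.host, e.process) for e in unclassified],
        "arrival_vectors": dict(vectors),
        "suspicious": [(e.host, e.process, sorted(SUSPICIOUS_ACTIONS & set(e.actions)))
                       for e in suspicious],
        "vulnerable": vulnerable,
        "worklist": [(e.host, e.process, priority(e, catalogue)) for e in ranked],
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The worklist is the SIEM noise reduction the article refers to: of five events, the analyst sees the known-malware process with injection behaviour first, then the unclassified attachment that is encrypting files and disabling shadow copies, and only then the patch-management item for the vulnerable reader. The execution decision is deliberately separate from triage, because blocking unknown binaries at run time and investigating them afterwards are two different controls.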
Read this article by Graham Croock, Director, BDO South Africa IT Advisory and Cyber Lab, as well as a host of other topical management articles written by professionals, consultants and academics in the August/September 2018 edition of BusinessBrief.