The right playbook to fight against ransomware


Chris Buchanan | Client Solutions Director | Dell Technologies South Africa

October marks International Cybersecurity Awareness Month, which raises awareness around safety in cyber space as well as the need to upskill and treat cybercrime as a priority.

Cyber attacks and disruptive events are on the rise, affecting 82% of organisations surveyed in the Dell Technologies Global Data Protection Index 2020 Snapshot. These included both public and private organisations.

Among the surveyed organisations, the biggest concern is the risk of a data breach (63% of respondents). This goes hand in hand with the multi-cloud challenge many African organisations encounter; however, 50% of respondents claimed to be addressing the issue by building cloud security strategies on a per-app basis.

The question is, how is the South African government responding and does government have the necessary skills to protect public entities from cybercrime?

Protecting the country’s cyber space

In 2012, the South African Cabinet adopted a National Cybersecurity Policy Framework (NCPF) to protect the country’s cyber space. Under the banner of the NCPF, the Cybersecurity Hub was established in 2015 by the then Department of Telecommunications and Postal Services.

Since then it has matured into South Africa’s Computer Security Incident Response Team (CSIRT) and is in the process of increasing its service offerings to the public and private sector. The hub is also the CSIRT’s decision-making body: it identifies and counters cybersecurity threats and creates public awareness around them.

National and local government leaders need to take these issues seriously. While organisations across sub-Saharan Africa are increasingly leveraging multiple cloud deployments to achieve digital transformation, data could be at risk, and the need for a clear and defined cybersecurity strategy becomes evident.

Ultimately, data is the target in ransomware attacks. In a study conducted by World Wide Worx, titled ‘Cloud in Africa 2020’, respondents were asked about the main security concerns they perceived to exist in cloud technology.

Nearly two thirds (63%) of respondents reported data security and the possibility of a data breach to be the main concern. This impression of an unsafe cloud stems from a media narrative that cloud access from anywhere could enable easier breaches, sparked by the constant stream of reported breaches. This statement generally only holds true if organisations don’t implement and maintain best practice in cybersecurity strategy.

An investment in the right technology and careful execution of cyber procedures will immediately transform the security posture of national and local government bodies. The timing of an attack is hard to pre-empt, so government needs to be prepared should this happen.

Developing a cyber playbook

Like agencies that have preparedness plans to protect against and respond to natural disasters, cybersecurity teams also need to plan in advance for cyber incidents. This should include the development of playbooks with varying scenarios. Flexibility matters because as an organisation’s goals change, so do the risks.

Train, train and train again

Having government institutions in place and on high alert doesn’t ensure citizen data will be protected.

One important scenario to consider is when data or a system becomes unavailable or corrupted. This is where developing a system backup plan comes in, to know how long an organisation can operate through an outage, and how to transition to paper logs if necessary.

Security teams should always utilise opportunities for continual training. When a new member joins the team, use the onboarding process to reintroduce exercises and best practices to the whole team.

Leaders should also leverage creative methods, including team events and gaming-based training such as capture the flag and software that simulates attacks, to facilitate greater participation and learning. These scenarios should include best-case and worst-case outcomes of an attack.

Awareness training is also key for teams to be able to identify and respond correctly to suspicious activity within networks.

Audit (and supplement) personnel

Cyber leaders should continually audit organisational roles to determine specific strengths and weaknesses within their teams to assess their stance on risk management.

The need for cyber talent is clear. The lack of cyber personnel and resources is undeniable globally, and South Africa often loses skilled cybersecurity professionals to other global players, making the gap even bigger.

A successful way to bridge this gap is through a hybrid managed service model, which includes a combination of civil servants and support agreements with private sector companies that help augment resources to respond quickly in the face of cyber incidents.

Proper cyber hygiene 

Cyber hygiene isn’t a one-off exercise or something that is observed during International Cybersecurity Awareness Month, once a year in October. It’s a consistent mindset that encompasses all parts of our life and a continual journey.

As governments reinvent the ways they operate and interface with constituents, they must also empower employees through a workforce transformation to meet the growing security expectations of the 21st century. This needs to be a year-round effort, with substantial, calculated investments in employees through awareness campaigns.

Cyber hygiene and culture begin at home. It’s important that government organisations and employees educate themselves through phishing exercises and cyber literacy, which helps them understand the possible negative consequences both at home and in the workplace.

Investing in infrastructure with built-in security

Government organisations struggle to protect the numerous endpoints that fall outside of the traditional security reach of the organisation.

As the number of tools and cloud-based systems increases, the volume of generated data also rises, expanding IT infrastructure beyond data centres, making it harder to protect against threats.

It’s vital then for governments to invest in a secure, flexible infrastructure from the beginning, extending from edge to core to cloud.

Doing so will allow them to focus on continually improving citizen experience without having to worry about the disruption of layering security on top.

The road ahead

An investment in a comprehensive security approach saves invaluable time and resources, but also preserves public trust.

For example, if citizens can’t trust an online portal to conduct business with the government, they may all show up in person, disrupting service and organisational processes, or perhaps worse, their needs may go unmet.

Fighting ransomware is an iterative process that measures progress. Government bodies should tailor these efforts to make the most significant impact within the organisation and meet with their business peers to re-assess risk and adjust the course of the cybersecurity program accordingly.


