Johannesburg, 17 April23: Everything is going fine, but then the power cuts out. No problem, your employees have laptops, and backup systems keep PCs running. But what about your data? What steps have you taken to ensure your business information and application services remain available when loadshedding strikes? And did you also cover your security?
When data and applications become unavailable, work stops. Loadshedding has made this balance much harder to maintain, and many companies might start cutting corners in their security to ensure productivity. But they are taking a significant risk.
“Today’s digital businesses must balance access to their systems with hybrid workers, 24/7 availability and ongoing security. Throw in frequent power failures and they need to start making tough choices. It becomes tempting to make choices that focus on availability and sacrifice security features which is understandable, but they should be careful because cybercriminals can exploit those shortcuts,” says Gerhard Swart, CTO at cybersecurity company, Performanta.
Loadshedding puts every organisation’s security under pressure. According to Swart, there are 5 key considerations you should take into account to avoid trouble while keeping your systems online and your business cyber-safe.
- Users log in from different areas and at different times
Modern cybersecurity depends on predictable user behaviours, particularly zero trust security that scrutinises the locations and times of people logging in. Loadshedding causes big swings in when and where people decide to access systems, and criminals exploit this confusion. Companies should implement multi-factor authentication to reduce problems with hacked accounts and enlist threat-detection services to catch unusual behaviour.
2. Datacentre providers are not impervious
Third-party data centres invest considerable resources to provide power generation and protection against surges. But these measures can still fail, and all organisations must have data loss protection plans. These plans include backup services and failover contingencies, such as a secondary live data site duplicated from the primary data centre.
3. Productivity pressures can derail backup/recovery security
When users need to access data or applications, it should happen quickly, or their productivity will suffer. Speed is essential for ready access to digital assets. But such productivity demands often lead to cutting security corners. This is a dangerous compromise and should be avoided. Create clear, flexible backup and recovery processes that maintain key features such as zero trust security and encryption.
4. Password sharing and weak passwords are more widespread
Hybrid working has encouraged some bad security habits to grow, such as weak passwords, reusing passwords and sharing passwords. Even though passwords are not a great solitary defence, they still form part of a robust security posture and good security hygiene. Poor password habits have dual adverse effects: they undermine security culture and weaken security measures. Loadshedding amplifies these bad habits. Create a clear password policy, scan for duplicate passwords, and consider providing a company-supported password manager.
5. Criminals can exploit loadshedding anxiety
One of the most significant risks from loadshedding is the anxiety and panic it causes. Criminals can use these emotions in phishing attacks such as an email offering a super-cheap, high-end power supply (act now or lose it forever!). Users click on the link, thinking they will get a special deal, but they instead allow malware onto their system. Ensure your people are updated on their security hygiene, inform them to watch out for these attempts, and use periodic testing to demonstrate how an attack could happen.
Loadshedding amplifies many risks around technology. Most of these are apparent, such as providing backup power. However, it’s important not to overlook the problems it creates for data and applications. Speak to an experienced digital business security provider to ensure your environment balances security and productivity when the lights go off.
Performanta was founded in 2010 and has over 150 staff worldwide, including former CIOs/CISOs from large enterprises. It has a global footprint with a team of 80 analysts working in two SOCs, helping to secure customers across 50 countries, from offices in the United Kingdom, Australia, Germany, South Africa and the USA. Performanta offers a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk. With a holistic cybersecurity view, we understand the modus operandi of the perpetrator and accordingly build an intelligent defence mechanism to make customer environments less susceptible to attacks.
Tel: 079 438 3252
Email: [email protected]