How to manage cybersecurity in a risk-averse world

South Africa is under siege from the world’s hackers and cybercriminals, but with focused defence and compliance strategies in place they can be kept at bay, says WWISE 

Clark Basilwa, an IT security consultant at South African ISO

Johannesburg, – Cybercriminals are winning the war in South Africa.

In its African Cyberthreat Assessment Report for 2021, Interpol found that at a conservative estimate, cyberattacks are costing the country some R2.2-billion annually.

Research by anti-virus provider Kaspersky also found that ransomware attacks in South Africa doubled between January and April 2022 compared to the same period last year, while other studies indicate that the republic experiences about 577 malware attacks – every hour.

Heading into 2023, cybercriminals are already finding ways to exploit new protection systems.

Clark Basilwa, an IT security consultant at South African ISO (International Organisation for Standardisation) standards training and implementation specialist WWISE, explains that as prominent ransomware groups continue to offer evolving products with targeted services, vulnerabilities reduce in quantity but increase in severity.

“In fact, last year, several vulnerabilities accounted for some of the biggest threats faced by organisations.”

Cybercriminals are also upping the ante by pursuing Structured Query Language (SQL) injection attacks, which occur on a database-driven website when hackers manipulate a standard SQL query. A SQL query is a request for some action to be performed on a database, and a carefully constructed malicious request can create, modify or delete the data in the database.

What is clear is that no one is spared.

“You could be an individual, a nonprofit, a small charity, it doesn’t matter. The hacker doesn’t care where the money comes from,” says Craig Rosewarne, MD of cybersecurity company Wolfpack Information Risk.

The consequences of cyber invasion are unquestionably severe.

The attack on Transnet in 2021 impacted ports, harbours and pipelines to the point that the state enterprise was forced to declare force majeure at a number of container terminals.

The private sector also finds itself in cybercriminals’ crosshairs. Hacks of a supplier to pharmacy group Dis-Chem as well as targeting of credit bureau TransUnion this year resulted in the personal information of millions of South Africans being compromised.

The harsh reality is that not all attacks can be prevented, Rosewarne says, but organisations can defend against them, provided they recognise the complexity of digital crimes and tackle them accordingly.

For Clark Basilwa, the defence strategy needs to be multifaceted.

“There needs to be application of controls and measures to ensure the safety, protection and privacy of data by managing its capture, storage and distribution. This protects and secures data against unauthorised access, disclosure, destruction or disruption,” he says.

Additional measures he recommends include:

  • Restricted Access: To restrict users, or certain users, from being able to access, edit, download or distribute private company documents;
  • Encryption: To ensure that information is securely traded;
  • Authentication: Using, for example, biometric authentication or two-factor authentication is far more secure than password authentication;
  • Backup: Data can be retrieved in case of a data loss event;
  • Strong passwords: Protect information from being hacked;
  • Antivirus software: Protection from viruses, worms, Trojan horses, etc.; and
  • Firewalls: To defend against data from an untrusted external network while allowing the entry of trusted internal networks.

Another key aspect to shoring up cyber protection measures is to meet specific compliance mandates.

ISO 27001, for example, is the only auditable international standard that defines the requirements for an information security management system.

This standard ensures tools are in place to safeguard people, processes and technology. It assists companies in managing cyberattack risks and internal data security threats, while at the same time helping organisations avoid penalties associated with non-compliance.

One of the obvious benefits is that it reassures clients that their information is protected, thereby enhancing a company’s reputation.

ISO 27701:2019 shows organisations how to build a privacy information management system that complies with most privacy regulations, including the EU’s General Data Protection Regulation (GDPR) and South Africa’s Protection of Personal Information Act (POPIA).

While it is clear that skills development will play a vital part in fighting cybercrime, e-learning platforms themselves can be susceptible to attack, and need to have world-class security technology products in place.

E-learning platform aNewSpring, from New Leaf Technologies, is ISO 27001-certified and allows customers to better manage their information security risks and improve security posture, as well as meet compliance requirements such as GDPR and POPIA.

All software environments of the Learning Management System (LMS) are run through an encrypted connection which makes it impossible for third parties to intercept information that is transmitted through this connection.

The end-to-end e-learning supplier also offers cybersecurity training across a range of topics, from malware to phishing and more.

“We help customers to enable a ‘human firewall’ with award-winning cybersecurity awareness training,” says New Leaf MD Mike Hanley.

“We offer a range of over 600 ready-made cybersecurity-specific course titles, some of which are also carried by WWISE. These include a customisable phishing simulator that emulates actual cyberattacks within the organisation. This delivers real-world scenarios to reinforce learning, remediate behaviours and prevent internal cyberattacks through actual email domains.”

Clark Basilwa concludes that there are a number of steps that organisations can take to better manage their security.

These include: avoiding pop-ups, unknown emails and links; using strong password authentication; connecting to secure Wi-Fi; enabling firewall protection for work and home; installing security software updates and backing up files; communicating with IT departments; and education and training.