Graham Croock, director of BDO IT Advisory Services, gives his opinion on the state of the cyber-security industry in South Africa.

During my visit to BDO Norway last week, where I attended a tour of the BDO CERT facility to personally see SOC (Security Operations Centre) and SIEM (Security Information and Event Management) services in action, it struck me that many South African-based businesses and organisations are becoming increasingly exposed to threats and vulnerabilities which they are not aware of.

There is no doubt that we currently find ourselves in the midst of an age where highly technical targeted cyberattacks are the order of the day.

The question board members, CEOs, CFOs and COOs should be asking is not “if” your company has been breached, or even “when”.

Having seen the level of sophistication associated with the attack vectors and methodologies, I have no doubt that most South African businesses and organisations must now accept that it has already happened. The real issues which must now be addressed at board meetings deal with the capability of the business to timeously detect and deal with the inevitable attacks.

Two major issues need to be considered when dealing with the current cyber threats:

* Appropriate design and implementation of cyber defence systems; and

* The capability to detect and respond to IT security threats and breaches with appropriate levels of depth.

The core feature of SOC/SIEM/CERT technologies is the ability to gather security data from all of the critical assets residing on the business’s network and to present that data as actionable information via a single interface. This provides a vast array of benefits by allowing the security teams to gain a complete understanding of the IT assets’ security status, prioritise security incidents, and demonstrate compliance with regulations much more efficiently.

My experience with South African CEOs, COOs and CFOs has certainly highlighted an extent of arrogance associated with a lack of understanding of the current threats. It is interesting to examine the behaviour of a CEO delivering an address to the press following an attack and breach.

The core issues are seldom addressed and CEOs arrogantly skirt around the issues.

The European Union took a step forward on Friday in establishing a new bloc-wide cybersecurity agency and enacting a new certification framework that advocates say will create a food label-type standard promising a level of data security on products like connected cars and smart medical devices.

At a meeting in Luxembourg, the European Commission’s Telecommunications Council agreed on a “general approach” to a proposed law that would establish an EU Cybersecurity Agency to help member states respond to cyber threats. The Cybersecurity Act would also create a process for connected devices EU-wide to get safety certifications similar to food labels.

The meeting paved the way for the law to be finalised by the end of 2018 after negotiations with the European Parliament, the commission said.

The new cybersecurity agency, revealed by European Commission President Jean-Claude Juncker in his annual State of the Union Address in September 2017, would be established out of the existing European Agency for Network and Information Security, or ENISA. The agency plans to organize annual EU-wide cybersecurity exercises and put in place channels to share information on cyber threats throughout the EU.

Perhaps it is time for arrogant South African executives and government officials to follow the example of the EU in strengthening South African businesses’ and governments’ cybersecurity.

Compliance with Network Infrastructure Security Directives and appropriately formulated cybersecurity rules designed to protect key industries like banking, energy and technology from attacks is now of paramount importance if serious cyber breaches are to be managed.

Integrated threat intelligence, security monitoring, incident response and security analytics competencies, reflecting the reality of detecting Advanced Persistent Threat (APT) style behaviour on business network infrastructure (including endpoint threat detection and data exfiltration), are absolutely necessary, and an appropriate budget must be allocated to this critical service.

As threats continue to evolve, so too must the processes around leading technologies, in order to provide a business-focused managed SIEM/SOC mitigation service that will evolve with your organisation’s needs and the changing cyber threat landscape.