In a digital world, with billions of people and even more devices connected to the Internet via private, public and corporate networks, cybersecurity has become a priority concern. T-Systems estimates that the world will see 50-billion connected IOT-devices by this year.

By Lukas van der Merwe, specialist sales executive: security at T-Systems South Africa

In addition, to flatten the pandemic curve, governments globally continue to implement lockdown and social distancing, forcing much larger percentages of the workforce to connect remotely. Lockdown will leave a lasting impact on how we work and requires a complete revision of how corporations view and address cyber risks.

Even before the outbreak, South Africa was on the brink of a major transformative phase in cybersecurity. The imminent introduction of the Protection of Personal Information Act (POPIA) and cybercrime legislation, as well as a continued digitisation drive from business and the availability of cognitive technologies are paving the way for corporations to emerge victorious from the chrysalis. There will be greater focus on effective detection and response, while maintaining sophisticated protection in their cybersecurity DNA.

However, the outbreak greatly accelerated the digital workplace and the lockdown forced companies to enable employees to work remotely. The risk is that many organisations may be left behind in a caterpillar like approach, while others may remain in the pupal state, overwhelmed by the complexity of this challenge.

Those who emerge from the Chrysalis and are able to adapt and leverage next-generation technology underpinning Advanced Cyber Defences, will be much better prepared to grow sustainably in a digital post pandemic world.

Keep in mind that technology and the security controls it enables do not inherently offer protection – cyber resilience requires a holistic and proactive approach, owned at the highest levels of an organisation.

With data classified and risks assessed relative to the specific business, T-Systems can advise appropriate controls and supporting technology to be deployed.

Lead from the top

* For security to be effective, the leadership team must support and sponsor all initiatives, demonstrating to the organisation the importance of strong cybersecurity practices.

* A board member should be accountable for ensuring the security of the organisation – this could be a Chief Information Risk Officer (CIRO), or Chief Information Security Officer (CISO).

* Employee cyber education is imperative, and should be engrained into standard operating policy and training throughout the year.

Understand the risks

* Fundamentally, we need to know what we are trying to protect – our corporate IP (for example, for an oil company this would be geological data, refinement processes, etc).

* We can then determine the risk to this IP, whether from external attack, or insider threat, in all its guises.

* This helps to determine a defensive value, or the consequence of a loss of this IP – and we can determine the size of the security budget.

Assess the present defences

* What is the maturity of our current cybersecurity defence? Do the pieces interact without issue, or do we have a number of different vendor solutions operating in isolation?

* What is the perceived effectiveness of current defences – unless you regularly test the defences, this is probably an unknown. If you are operating discrete vendor solutions, chances are the effectiveness is low.

* This analysis shows a clear picture of the current security defence landscape, and where the gaps are.

Devise a holistic strategy

* With the current landscape understood, we can build a risk assessment to determine where investment is needed.

* This allows the construction of a holistic and cohesive security strategy with all elements interacting to provide true threat intelligence and response.

* This all starts with a simple journey to understand whether the current organisational defences are effective.

Cyber resilience is much more than a defensive strategy and requires earlier detection and rapid response in the event of a breach. In a data-driven digital economy, with cyberthreats increasing both in frequency and sophistication, South Africa is no exception and definitely not immune.

The lockdown resulted in more employees working remotely using less secure devices and networks, exacerbating the already significant threat. This is likely to become the new normal and while the initial focus was on access and productivity, we have to address long term sustainability and security aspects.

Next-generation technology like Security Orchestration Automation and Response (SOAR), Artificial Intelligence (AI) and advanced threat hunting can greatly assist, but less than 15% of corporations in South Africa has this deployed

T-Systems has operated a Security Operation Centre in South Africa since 2010, offering Advanced Cyber Defence services, using the latest technology that integrates AI, Orchestration, Automation and Threat Hunting capability.