With South Africa ranked the sixth most affected country in the world when it comes to cybercrime, companies and consumers must do more to protect themselves from cyber-attacks. Most recently, a new piece of ransomware, which targets healthcare and education and has been known to demand a ransom of some R14-million, was discovered locally.
As organisations and end users increasingly rely on digital tools to remain productive in a hybrid work environment and to conduct their personal business, cybersecurity must become a priority, says Reza Joseph, product manager: integrate and network security at Itec.
“As experienced cybersecurity consultants who take a holistic view of all the technology essential to mitigate against the threat of attack, we work closely with customers across industry sectors to ensure they get the best possible solutions in place for their unique requirements,” says Joseph.
Itec pre-sales: network security manager Ria Mey says companies no longer need convincing to take up cybersecurity: the discussion is more about what they need to harden their defences.
“Whether it is Zero Trust, SASE, SD-WAN, or just cybersecurity in general, there is more of an awareness of the need to safeguard systems, devices, and endpoints than ever. We are there to help customers navigate all the complexities that come with a modern cybersecurity approach,” she says.
Sticking to the fundamentals
With company data and infrastructure becoming more valuable in a connected environment, the need to protect it becomes critical for business continuity and longevity.
“Itec has seen an increasing request for endpoint security as more devices come online both from employee laptops and smartphones to Internet of Things systems. Every single endpoint poses a potential risk and must therefore be kept as secure as possible. Furthermore, it is vital to protect the employee devices from malicious users employing sophisticated social engineering techniques,” says Joseph.
Mey believes that even though companies have adapted and are managing a hybrid working environment, the fundamentals of cybersecurity must not be forgotten.
“We are seeing a lot of phishing attacks targeting emails taking place. This means that in addition to hardware and software solutions, user awareness training must be incorporated into an effective cybersecurity strategy. However, education is not only the company’s responsibility but something that each employee must proactively manage from their side,” she says.
Protect the perimeter first
Any cybersecurity journey must adopt a phased approach, with perimeter security like firewalls being a crucial first step.
“From there, it is very much a case of implementing endpoint and email protection while also considering employing encryption technologies for hybrid workers. As part of this, people must start realising the risks associated with unsecured mobile devices. Smartphones need cybersecurity solutions in place as they provide a key access point to the corporate network,” says Mey.
Itec is working closely with its cybersecurity vendor partners to provide penetration testing to customers.
“This identifies the existing gaps and highlights the risks associated with doing business in a digital economy. A penetration testing exercise is ideal for a business that wants to get a better understanding of its cybersecurity footprint. Leveraging artificial intelligence technology to detect weak spots is a great way to show decision-makers that the traditional firewall and anti-virus solution of the past can no longer be considered adequate defences in a modern world,” says Joseph.
Integrated approach is key
Even though email phishing and ransomware remain significant cybersecurity concerns, they are by no means the only ones that companies need to be aware of.
“Cloud-based threats have grown in magnitude and sophistication. Just because a company is using a cloud service provider does not automatically mean its data is safe. For instance, weak credentials and access management can undermine even the most secure cloud environment,” says Mey.
While not considered cybersecurity as such, infrastructure-as-a-service that incorporates backup and recover must still be implemented to ensure the safety and integrity of the data being stored whether on-premises or in the cloud.
“Itec believes in bringing the entire ICT ecosystem closer together to enhance the value proposition our customers are getting. This means providing an integrated cybersecurity and business resilience approach to give companies the peace of mind that their data and systems are defended as best as possible,” says Joseph.
Refocusing on cybersecurity
Despite all this, there remains a general misunderstanding of how severe the risk of cyberattacks are. It seems that companies only start to sit up and take notice once they have been breached.
“Some businesses feel that they are too small or are unimportant for cyber criminals. Part of this sees them arguing that they either do not have anything anybody would want to steal or that they would not be able to prevent a cyber breach even if they wanted to. It does not matter if you are an entrepreneur or a multinational, as long as you have money and sensitive information, you will be a target for cybercriminals,” says Mey.
This is where applying good cybersecurity hygiene comes in.
Best practice
“Even so, organisations do not want to worry about every aspect of their cybersecurity stance. This is where Itec and its managed services approach comes in. We make cybersecurity as user-friendly and seamless as possible. Our engineers do all the work at the back end with our vendors delivering proactive monitoring and security-as-a-service support. For us, it is about using the customer’s existing infrastructure and services and enhancing that with more advanced cybersecurity solutions,” says Joseph.
Of course, it remains essential for an organisation to embrace security awareness training in addition to endpoint and email protection, effective disaster recovery and backup, and even opting for a cybersecurity insurance policy.
“Even basic good practices such as often changing passwords and keeping software up to date with the latest patches can make a massive difference to the cybersecurity stance of a company,” says Mey.