The fear of cyber incidents has topped the Allianz Risk Barometer 2024 list as the most important business risk for the third consecutive year.
Voted into the number one position by several countries across Africa, including Kenya, Mauritius, Nigeria and Uganda, it’s clear that cybersecurity prioritisation remains critical for many businesses.
These concerns apply to companies of all sizes, across all industries and in every country, states Mark Campbell, principal sales engineer at Netscout, adding that in today’s digitally connected world, where organisations rely heavily on networks for their day-to-day operations, cyberthreats and attacks are a constant concern, particularly considering their ever-evolving sophistication.
The crucial role of network-based security
According to Campbell, network-based security is the lynchpin that binds a business’s devices, servers, applications and users together.
“The importance of network security cannot be overstated,” he explains. “For companies across the globe, with African organisations being no exception, the network serves as the one constant medium that holds the ‘truth’.
“And despite cybercriminals’ attempts to disable various security controls, like antivirus measures or endpoint security, for instance, the network remains the unavoidable pathway for bad actors. They must traverse the network to perform their reconnaissance, execute their exploits of ill intent, and exfiltrate data.
“Looking at it from this perspective, you could say that the network sees all. Any deviation from the norm can be observed on the network, and zero-day activity can be recorded and interrogated by using network packet data. There is simply no way to hide or expunge your network traffic footprint, making it a critical component in cybersecurity today.”
Crafting a tailored network security policy
Campbell applauds the growing adoption of zero-trust concepts in African businesses, but emphasises the need for a customised approach, advocating for a step-by-step process to be followed.
“Organisations should start with defining their critical assets, next assessing associated risks, and subsequently investigating the potential impact of data loss on the company.
“Then, a bespoke network security policy, striking a balance between disruption and risk mitigation, is crucial. The research conducted beforehand will dictate what is applicable for your particular organisation, and continuous monitoring, facilitated by packet-based network security systems, becomes imperative to measure compliance and identify gaps.”
Layered security: a holistic approach
Drawing a parallel between layered security and your health, Campbell compares the importance of taking care of yourself in a holistic way, for instance exercising, eating well and taking vitamins, with that of addressing multiple facets of cybersecurity simultaneously, in order to gain positive results.
He warns against neglecting any single area, emphasising the need for comprehensive coverage, from network intrusion, device security, software management, endpoint and perimeter protection, to identity management and privileges.
“It’s critical that organisations look at all areas of cybersecurity, at all times. Failure to do so might expose a weakness that could then be found and exploited by an attacker. This can be frustrating for businesses – and there is no ‘silver bullet’ to avoid all breaches.
“Securing enterprise networks can be a formidable challenge, making layered security not only a strategic choice but an absolute necessity when it comes to safeguarding the network against potential weaknesses that might be exploited,” he concludes.