As African governments and enterprises build momentum around digital transformation, they face mounting pressure not only to fortify their cybersecurity measures, but also to embrace transparency in disclosing cyberattacks.
Bryan Hamman, regional director for Africa at Netscout, explains: “Organisations across the continent saw a spate of cyberattacks across many countries in 2023 and this has continued into 2024, with ongoing attacks taking place on a daily basis.”
And, as the local threat landscape and the regulations surrounding cybersecurity disclosure tighten, companies across Africa are realising the critical importance of safeguarding their digital assets while also adhering to compliance requirements, he says.
“The repercussions of cybersecurity attacks, which can include both monetary fines and potential imprisonment in some countries like Ghana, Mauritius and South Africa, underscore the urgent need for African enterprises to prioritise robust protection measures and proactive disclosure strategies.”
Recent incidents within the region serve as stark reminders of the consequences of inadequate cybersecurity measures and non-compliance with regulatory frameworks, as illustrated below:
* In South Africa, a breach faced by a significant player in the packaging industry in March this year highlights the vulnerability of businesses to cyberthreats.
* Similarly, a local credit reporting agency’s failure to adhere to the Protection of Personal Information Act (PoPIA) protocols and the subsequent enforcement notice served to the organisation illustrate the ramifications of non-compliance.
* The experience of a pharmaceutical retail group, which was able to avoid hefty fines by complying with suggested measures after a data breach, also underscores the significance of swift and effective response strategies.
“Changing regulations pose new challenges for enterprises, emphasising the need for a holistic approach towards cybersecurity and a robust solution that encompasses both protective measures and transparent disclosure practices,” Hamman adds. “This must include real-time threat detection, behavioural analytics, incident reporting and historical investigation, as well as compliance monitoring and reporting.”
Unveiling a suspected breach
A sound approach to handling a suspected breach in an enterprise network should include the following steps:
* Who: Identification of intruders. Here, organisations would need to identify the source of an intrusion or unauthorised access attempt, pinpointing the IP address, location or specific device involved.
* What: Nature of breach. Inspecting packet data reveals details about the nature of the breach, including the type of attack, data accessed, and actions taken by the attacker.
* When: Time-stamped analysis. Time stamps on network packets allow determination of breach timing, duration, and patterns in the attacker’s activities.
* Where: Origin and destination. Analysing packet data reveals the breach’s origin, traversal path, and affected areas.
* How: Method of breach. Deep packet inspection technology will uncover breach methods, vulnerabilities exploited, attack vectors, and intruder techniques.
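The who, when and where questions above can be answered directly from a packet capture. The following is an added example, not code from the article or from Netscout: it parses a classic pcap file and reports, per source address, the first and last packet time, the duration of activity, and the destinations and ports contacted. The capture, addresses and timestamps are constructed sample data.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample capture (classic little-endian pcap, Ethernet link type)."""
    def record(ts, src, dst, dport):
        eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        frame = eth + ip + tcp
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header
            + record(1700000000, "203.0.113.7", "10.0.0.5", 22)
            + record(1700000030, "203.0.113.7", "10.0.0.5", 445)
            + record(1700000090, "203.0.113.7", "10.0.0.9", 445)
            + record(1700000100, "198.51.100.2", "10.0.0.5", 443))

def summarise(pcap):
    """Return {source_ip: {first, last, duration, targets}} for IPv4 TCP/UDP packets."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("expected Ethernet link type")
    report, off = {}, 24
    while off + 16 <= len(pcap):
        ts, _usec, caplen, _origlen = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4  # honour the IP header length field
        if frame[23] not in (6, 17) or len(frame) < l4 + 4:
            continue  # only TCP/UDP carry ports
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        dport = struct.unpack_from("!H", frame, l4 + 2)[0]
        entry = report.setdefault(src, {"first": ts, "last": ts, "targets": set()})
        entry["first"], entry["last"] = min(entry["first"], ts), max(entry["last"], ts)
        entry["targets"].add((dst, dport))
    for entry in report.values():
        entry["duration"] = entry["last"] - entry["first"]  # seconds of observed activity
        entry["targets"] = sorted(entry["targets"])
    return report

if __name__ == "__main__":
    for src, info in summarise(build_sample_pcap()).items():
        print(src, info)
```

The "what" and "how" questions need payload and protocol decoding on top of this header-level summary.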
“This type of depth of analysis could assist African organisations in swift incident response, forensic investigations, and, importantly, help with proactive security measures to prevent future breaches. By prioritising cybersecurity resilience and embracing transparent disclosure practices, local businesses can not only mitigate the impact of cyberattacks but also safeguard their reputation and uphold the trust of their stakeholders in an increasingly digital world,” Hamman concludes.