CYE Strategy

Cybersecurity Best Practices for South African Organizations

September 23, 2020

South Africa has the third-highest number of cyber-crime victims in the world, suffering from 577 cyber attacks every hour. This number is likely to rise due to changes triggered by Covid-19, such as the accelerated pace of digital transformation that compressed 2 to 5 years of digital advancement into a 6-month period.

The rapid digitization expanded the organizational attack surface. Combined with hackers who thrive on uncertainty, this has led to a massive volume of cyber-attacks in South Africa and around the world.

In a collaborative webinar with representatives of financial organizations from South Africa, Israeli cyber-security experts shared insights from their military and commercial experience.

To stop a hacker, you must think like one

Hackers targeting the financial sector are often part of an organization that’s driven by financial gain. Like any organization, when working with limited resources, a prioritization process needs to occur. By collecting information from publicly available sources such as link analysis of the organization and its people or LinkedIn profiles of the security team, attackers can get an understanding of the organization’s security posture. This understanding is used to perform a cost-benefit analysis to determine which organization will be targeted.

“Getting through the door” is not very hard, and it rarely requires any sophisticated capabilities. Although “AI-based-next-gen hacking” sounds better than “guessed password”, the latter is much more common and often just as effective.

Cybersecurity needs to go back to basics

If the webinar were a song, this would be its chorus. Most cyber-attacks are not very sophisticated. A ‘back-to-basics’ approach that enforces fundamental security measures such as strong passwords, multi-factor authentication, and network segregation and segmentation is enough to make an attack too costly for an attacker to be worth the resource investment.

“I’m not worried, I’m not an interesting target for cyber-crime”

Too many CISOs

It’s common for executives to think their company is protected simply because it’s not an “interesting target” for attackers, but this indifference is just what attackers love to see. Most attacks are opportunistic and non-targeted, which means the attacker penetrates whichever organization is easiest to get into.

Prioritizing mitigation in an era of thousands of cybersecurity solutions

People understand consequences. Once the business and security goals are synced, it’s easier to understand the practical impact a cyber-security issue has on the business and to allocate the right resources.

For example, if a certain vulnerability has a 40% chance of being exploited and causing 50M dollars in damages, it’s reasonable to spend 20K dollars to mitigate the risk, and, just as important, it’s easy to justify the investment to the leadership.

Collaboration is key to a secured future

Cyber-attacks are growing, and organizations are shutting down all around us. One of the key elements for a strong ecosystem is collaboration. Law enforcement agencies need to work more closely with organizations and security centers both locally and around the world. ISPs, cloud vendors and security companies should work together and share both tactical findings and high-level insights.

Knowledge sharing is beneficial but challenging. For enterprises, even tactical data about an incident, such as IoCs, may take 2 weeks to be shared, and even then it’s censored beyond recognition.

The current lack of collaboration exists mainly because organizations don’t want to share their information and expose themselves. This is the CERT’s greatest challenge: to build trust with organizations. In Israel, they try to address this issue through a platform for sharing anonymous security information.

The effects of Covid-19 on cybersecurity

With the increase in remote connections and the lack of proper security preparation, it’s harder than ever for security teams to detect illegitimate activity. Furthermore, more people are mixing their personal and work accounts and devices, resulting in attacks that originate from personal email accounts.

There is a massive increase in password spraying and brute-force attacks. We’ve seen several cases of attackers compromising Office 365 and using SharePoint and OneDrive to share malware and infect the rest of the organization.

A new era of privacy violations. Lately, we’re witnessing new challenges that involve security and privacy. Employees are asked to work in front of the camera all day long, but what happens when their privacy is violated? For example, in a case we are involved in, an employee’s wife was caught on camera as she was getting out of the shower. The employee is now suing the company because he was requested to use the camera by the employer.

To sum up, effective cyber-security may be achieved through personal responsibility, covering the security basics, and striving for collaboration.

Watch the full webinar, organized by The Israel Trade Office, SABRIC, and the Israeli Export Institute, 22 September 2020.