Cyber criminals have been targeting South Africa for attacks and breaches for decades. Knowing that many companies haven’t focused on their security, the crooks employ devious methods that are ever-changing for their attacks. Beyond the approximate R2.2-billion that it costs every year, the attacks harm individuals, infrastructure, and the economy; making South Africa the third-highest in the world for cybercrime victims. While some of these breaches are for financial gain, others are malicious and dangerous. Cyber security specialists have recognised that the approach to reduce these attacks must change and they are now using tools such as MDR (managed detection and response) combined with 24/7 endpoint detection and response (EDR). The answer to thwarting these threat actors is to be as flexible and fluid in change as they are.
The South African government is well-aware of the vulnerability of their citizens and companies. An Interpol report of Oct., 2021 stated there is a “critical absence of cybersecurity protocol, cyber-resilience as well as mitigation and prevention measures for individuals and businesses” in Africa. To address this critical need, the Department of Telecommunications and Postal Services of the South African government has created the “CyberSecurity Hub.” The National CSIRT (Computer Security Incident Response Team) is a main location where individuals that are government stakeholders, from the private sector, general public, and civil society can view, identify, and counter cybersecurity threats. Cybersecurity specialists make use of this hub for information, data, and assisting in coordinating response activities. In addition, the SA government has enacted some harsh and strict laws in the fight against cybercrime; allowing them to equal international standards.
However, this hub is just a preliminary step in some of the alterations and approaches in dealing with cybersecurity. Professionals in the industry are adapting to new and innovative actions that supersede methods used in the past. Understanding the most organisations don’t have the staff to devote to cybersecurity and that a majority of breaches go undetected for as long as nine months, cybersecurity professionals are now engaging tools to offer protection and prevention, but have placed a higher priority on detection.
Additional actions that are being taken include in-depth analysis of what allowed a potential breach and recommendations for changes in protocol to close the vulnerability loopholes. Sources such as the Cybersecurity Hub can give insight into methods used by the threat actors, the levels of complexity, and potentially those involved so that swift and efficient responses can be taken. Using a combination of technology and human expertise, cybersecurity professionals can analyse and perform threat hunting, monitoring and response.
Combating cybercriminals requires that cybersecurity specialists be as fluid as they are. The old attitude of examination and approval of a network every three years or so is gone. Today it requires consistent and constant monitoring. Technologies have evolved to the point that a cybersecurity specialist can assist an organization to detect a breach and take action to prevent them from becoming a victim.
“Using the latest tools, DaVinci Cybersecurity coordinates with our clients to bring the highest quality security protocols. Our MDR services help to ensure that an organization is monitored, any breach discovered, and response action is taken. This may require looking in places that appear different or are suspicious.”
Sharon Knowles, CEO DaVinci Cybersecurity