CYBER SECURITY
SA’s industrial challenge: limited resources to respond to unlimited cyberthreats As South African business and industry is increasingly connected to the rest of the world through the cloud – whether it’s for operations or manufacturing – local enterprises need to consider the less desirable consequence of being connected to colleagues, suppliers, and service providers all over the world: vulnerability to cybercrime. By Carlo Bolzonello, country manager for McAfee Enterprise in South Africa.
W
hile these technologies offer the benefits of remote support, preventive and just-in-time maintenance reporting, and company-wide visibility into production status, many local organisations are having to adapt legacy operating systems and ‘plug’ them into the cloud, to achieve the economies of scale required by their parent organisations. These legacy operating systems are often no longer supported by their original vendors, and manufacturers are often hard-pressed to keep controls on their budget and want to sweat their assets for as long as possible. Neglecting to take a comprehensive and wide-ranging approach to cyber security in manufacturing leaves industrial companies open to two types of attacks: ransomware and the theft of intellectual property. Ransomware often enters the organisation through a seemingly innocent route — often a ‘recruiter’ offering employment, or a ‘researcher’ conducting a survey that requires an exchange of information. Ransomware mercenaries use these interactions to install malware that hobbles or halts production, and, much like in a kidnapping, hold the system ransom until a fee is paid. When losses in production amount to hundreds of millions of dollars a day, it’s often quicker and easier for businesses to just pay the ransom to have control of their facilities returned — but they can seldom be confident of the integrity of
34
SECURITY FOCUS AFRICA APRIL 2022
their environment going forward, and they’ve let the malevolent actor know that they are a potential repeat target. Intellectual property theft is most often a slow, methodical type of attack that frequently goes unnoticed until a business notices that its competitors have gained access to product design or other information that previously gave them a competitive edge. It’s not always competitors that are guilty of this kind of cybercrime — there are cyber mercenaries for hire who first research their target, reading publicly available reports and identifying opportunities to access information that can be sold to the highest bidder. The complexity of attacks continues to evolve, and with many nation states adopting a ‘blind eye’ approach to cyber law enforcement, it’s difficult to trace cyber criminals, and even more challenging to prosecute and convict them. It’s clear that enterprise cybersecurity demands have never been greater, and that protecting a business’s people, technology, and operations from cybercrime requires the input of a trusted cybersecurity advisor. Having the right security solutions in place and building out a cyber security strategy to protect what matters most to operations, needs to be a priority. Choosing the right security products can give businesses visibility and control over data and threats across public, private, and hybrid cloud environments, including data loss prevention, remote
browser isolation, and zero trust network access. It’s more important than ever to have a set of consistent data loss prevention policies that protect data in the cloud, on corporate endpoints, and on unmanaged devices, which have become more ubiquitous since the Covid-19-inspired move to remote working. That’s why it’s important for a security solution to offer seamless integration, providing a frictionless protection experience across multiple environments. Real-time database protection from external, internal, and intra-database threats should offer robust security and continuous compliance, without requiring architecture changes, expensive hardware, or downtime. Just as machine learning is helping businesses, industries and manufacturers achieve greater productivity, so too is this technology making it easier to find and address cyber threats, ransomware , and other advanced attacks. While South Africa may feel geographically far from some of the nations that experience the greatest number of cyberattacks, global connectivity means that local businesses are just as vulnerable as their counterparts abroad. It’s even likely that they are more vulnerable due to the perception that cyberattacks and ransomware incidents are location-based. The truth is that they are not — attacks follow the money, and attackers are slick professionals that are digital guns for hire, indiscriminate in who they target to achieve their goals.
securityfocusafrica.com