There has been a rise in cyberattacks globally and South Africa has not been spared – there have been some notable examples, showcasing how unpredictable the world has become. Governance expert Professor Mervyn King, a senior counsel and the former judge of the Supreme Court of South Africa, elaborated by saying that local organisations can be divided into two types: those who have been hacked and those who have not yet been hacked.
King was speaking at a recent FutureProof event with Dimension Data in association with Business Day, on the topic of cybersecurity. The two greatest risks facing businesses in the 21st century, said King, are climate change and cybersecurity. If a business’s systems are not secure, then the business itself is not secure.
IT governance and cybersecurity needs to be on the agenda of every single board meeting and every company needs a system to back up data and a disaster recovery plan in place should a data breach occur, he said.
The recent NTT Dimension Data 2021 Global Threat intelligence report shows that the finance, manufacturing and health care industries are the most vulnerable with 62% of all cyberattacks happening in these sectors.
The Global Threat Intelligence report is an annual report produced annually by NTT and identifies actual and emerging cyber threats that organisations are facing globally and provides operational, tactical and strategic recommendations for managing risk.
An expert panel consisting of Warren Small, global head of security sales and innovation at NTT, Itumeleng Makgati, group executive for Information Security at Standard Bank, Celia Mantshiyane, chief information security officer at Coca-Cola Beverages Africa and Seshni Moodley, principal head finance: Intelligent Security at Dimension Data MEA discussed how organisations can stay ahead of the curve to secure the next horizon of cyber resilience.
Warren Small pointed out that cyberattacks prevent organisations from being productive. The objective of a cybersecurity strategy, he said, was to lower risk, ensure that effective controls are in place to minimise these risks and maintain the integrity of the business. Essentially, this requires measuring an organisation’s digital identity and footprint and then mapping that back to its risk. Small warned against following a tick box approach to cybersecurity.
Cybersecurity strategies have been put to the test in the last 18 months, according to Itumeleng Makgati. Given that cloud computing is core to digital transformation, organisations need to have a cyber security strategy in place in order to ensure that cloud computing is done securely. A good starting point, she said, was to have a comprehensive understanding of the business’ risk profile and where its data is exposed before deciding what tools and technologies should be employed to mitigate these risks.
Fearing reputational loss, many businesses don’t report a cyberattack, and instead simply pay the ransom, she revealed. In the past 18 months Standard Bank has seen a significant migration towards digital transactions. However, with this comes a responsibility to ensure that customer’s data is protected.
Celia Mantshiyane added that cybersecurity should not be regarded as a cost to an organisation but rather a value-add and one that enables an organisation to reach its objectives. In fact, cybersecurity feeds into the bottom line, she said.
Although cybersecurity can be expensive, she urged organisations to use their people as their first line of defence and to learn from their peers.
There is no denying that the impact of a modern cybersecurity breach can be significant and includes financial loss as well as reputational and brand damage, eroding customer trust. According to Seshni Moodley, three out of five customers are more likely to cancel services with a company that has suffered a cyber breach, she revealed.
The implementation of recent privacy laws including GDPR – and locally the Protection of Personal Information (POPI) Act – organisations are now required by law to protect their customers and stakeholders personal data, she said, adding that people expect organisations to keep their information and data to be kept confidential.
There is currently a massive shortage of cyber security specialists globally. Where organisations don’t have the necessary skills or budget to afford the technology, Moodley recommended partnering with key service providers to help them better understand the threat landscape.
The topic of much debate recently has been how to authenticate the identity of users without passwords.
The 2021 NTT Dimension Data 2021 Global Threat intelligence report is available for download at www.dimensiondata.com