FINAL WORD
"This needs to be combined with basic cyber
hygiene, such as not opening attachments
or clicking links unless you know they are
legitimate, keeping up-to-date with system
patches and current versions of malware
protection," said Reed.
"A layered approach to security, combined with
robust backups and a well understood incident
response, will be fundamental to combating
ransomware attacks. And, one thing is for
sure, City Power and others in the same
position should never consider paying out in
a ransomware attack. It’s important we don’t
normalise ransomware payments that are
ultimately just another method of extortion."
"A systematic, unified, layered posture
ensures that all attack vectors are covered.
An effective IT security ecosystem involves
the holistic consolidation of tools and
intelligence, and analytics should feature
strongly in the technology deployed to
protect the network. Building a next-
generation security solution should include
various products that complement each
other starting with perimeter protection;
end point and secure email solution.
Having these three is a vital start to your
security posture. Once your baseline
is established, we need to look at how
we protect against unknown threats,
encryption of your data and ultimately
deploy decoys in your network to lure
hackers off your network."
Meanwhile, Dr. Amin Hasbini, Head of the
Global Research & Analysis Team for META
at Kaspersky, says that to avoid falling
victim to such cyber criminal activity, all
organisations should:
• Secure all endpoints
• Apply operating system and application
updates as soon as they are available
• Backup data regularly and keep backup
drives safe or offline
• Don’t routinely assign staff admin rights
on computers; and limit access to data to
those who really need it
• Educate staff about the tactics employed
by attackers. This includes:
  • Never clicking on unverified links
  • Never opening untrusted emails
  • Only downloading from trusted and
  verified websites
"It should also be noted that while paying
the extorters seems like the best option and
easiest path to get the data back, it is never
guaranteed that the data will be retrieved,"
added Dr. Hasbini.
"There have been cases in the past where the
attackers do not restore the data; and other
cases where they restore some of the data
and then demand further payment before
restoring the rest of the data.
“Paying only encourages the
cybercriminals to continue to develop
ransomware-based attacks."
Stefan van de Giessen, General Manager:
Cybersecurity at value-added distributor
Networks Unlimited Africa, says that
ongoing vigilance, maintenance of systems
and a holistic approach to security remains
vital for critical infrastructure entities.
“Security needs to have a layered approach,
ensuring each level is protected with
effective technology," he said.
"We advise adopting a phased approach to
developing a layered posture due to cost and
the complexity of management.”
Van de Giessen has outlined a phased
approach as follows:
• Investing in a next-gen firewall (NGFW),
next-gen antivirus (NGAV) with EDR
capabilities and a secure e-mail solution
that is critical in securing against the
most prevalent attacks. It is vital to
make sure, when choosing your vendor
of choice, that they have been tested by
third parties such as Gartner & NSS Labs to
ensure security effectiveness
• Protecting your applications that are
Internet facing and transacting with
customers online – a web application
firewall (WAF) and a secure payment
gateway will ensure these applications and
website are protected, and comply with PCI,
POPIA and GDPR compliance irrespective if
these are on premise or in the cloud. Onsite
and offsite backups are best practice
• User education and training is essential
in making sure that employees are able
to recognise and respond accordingly to
suspicious and malicious activity. This
also means that any threats which bypass
security measures are picked up at the
last line of defence
• Having an advanced threat protection
(ATP) strategy has become necessary
as malware and threats are evolving
constantly, making it hard to rely on
a known signature alone. The need to
include an ATP product in your security
structure is now more relevant than ever
to ensure we can stop zero-day attacks
“It is never easy for an organisation to
admit to a cybersecurity breach and we
applaud City Power for its honesty in
owning up to the reason for their systems
outages, as well as for not paying the
ransom demanded by the threat actors,"
said Van de Giessen.
"At the same time, it should be noted that
in being transparent, the organisation also
acted according to compliancy principles
as outlined by the European Union’s
General Data Protection Regulation (GDPR)
and South Africa’s Protection of Personal
Information Act (POPIA).
“The phased security posture advice outlined
applies to on premise, cloud and hybrid
environments. Additionally, device, operating
system, software and policy updates should
be carried out regularly and stringently to
ensure no vulnerabilities can be exploited."
“Although data theft could cause huge damage, there are other threats like ransomware that are more likely and would have a profound effect on any company.”
www.intelligentcio.com