Intelligent CIO Africa Issue 35 - Page 65

INDUSTRY WATCH CYBERSECURITY MUST BE ADDRESSED AT A BOARD LEVEL AND NOT LEFT BEING ‘RELEGATED’ TO AN IT DECISION-MAKER. T he cyberattack on the ICT systems at the City of Johannesburg caused a significant impact on its ability to deliver services to its residents. The attack breached the network and resulted in unauthorised access to the city’s systems. The individuals responsible demanded that the City of Johannesburg paid 4 bitcoins, valued at around R500,000. However, the city refused to concede to their demands and was able to restore the systems. Bryan Hamman, Regional Director at NETSCOUT, which offers NETSCOUT Arbor, specialising in advanced DDoS protection solutions, says that, with the rise of the Internet of Things (IOT), the rapid increase in last mile connectivity and the shift to global ecommerce, enterprises have more frequently become the targets of various forms of cyberattacks. “The problem, however, is that traditional vendors of firewalls, IPS, WAF and such are ill-equipped to handle these new and emerging threats,” said Hamman. “Firstly, they are often the victim of the attack, as state and application-based attacks are frequently used to target security appliances that by design have to track sessions. These devices have a limited amount of memory and CPU, which translates to a fixed number of sessions or packets the device can handle. Attacks can be crafted to expose those weaknesses. A far simpler method would be to just saturate the last mile of connectivity. Regardless of dropping traffic on the customer side, the entire customer site would be affected. Looking at the local footprint, we have seen a drastic increase in cyberattacks, and this is something that local companies have historically not given much consideration to. The Bryan Hamman, Regional Director at NETSCOUT publicly-documented cases at Cool Ideas, Cybersmart and various South African public services illustrate that more and more attacks can be expected. The growing level and frequency of attacks are not only limited to local ISP and enterprises, but even global giants have been taken down with successful attacks against Google and AWS.” Meanwhile, Matt Walmsley, Head of EMEA Marketing at Vectra, says extortion is a well-established approach for cyber criminals and is used through tactics that include threatening denial of service, doxing, and ransomware. “In the reported case of the city of Johannesburg, the four Bitcoin ransom (circa US$30,000) is meaningful but not particularly high and so may be pitched at that level to encourage a decision to pay,” he said. “Cyber criminals are increasingly making rational economic decisions around targeting organisations and demand ransom levels that they believe will have a higher likelihood of payment. All too often we are reminded that defensive controls are imperfect, and the ability to quickly detect and respond to live attacks that have successfully penetrated an organisation can make the difference between a contained incident and damaging breach.” INTELLIGENTCIO 65