INDUSTRY WATCH
CYBERSECURITY MUST BE
ADDRESSED AT A BOARD
LEVEL AND NOT LEFT
BEING ‘RELEGATED’ TO AN
IT DECISION-MAKER.
T
he cyberattack on the ICT systems
at the City of Johannesburg
caused a significant impact on its
ability to deliver services to its residents.
The attack breached the network and
resulted in unauthorised access to the
city’s systems. The individuals responsible
demanded that the City of Johannesburg
paid 4 bitcoins, valued at around
R500,000. However, the city refused to
concede to their demands and was able
to restore the systems.
Bryan Hamman, Regional Director at
NETSCOUT, which offers NETSCOUT
Arbor, specialising in advanced DDoS
protection solutions, says that, with the
rise of the Internet of Things (IOT), the
rapid increase in last mile connectivity and
the shift to global ecommerce, enterprises
have more frequently become the targets
of various forms of cyberattacks.
“The problem, however, is that
traditional vendors of firewalls, IPS, WAF
and such are ill-equipped to handle
these new and emerging threats,”
said Hamman. “Firstly, they are often
the victim of the attack, as state and
application-based attacks are frequently
used to target security appliances
that by design have to track sessions.
These devices have a limited amount of
memory and CPU, which translates to
a fixed number of sessions or packets
the device can handle. Attacks can be
crafted to expose those weaknesses.
A far simpler method would be to just
saturate the last mile of connectivity.
Regardless of dropping traffic on the
customer side, the entire customer site
would be affected. Looking at the local
footprint, we have seen a drastic increase
in cyberattacks, and this is something
that local companies have historically
not given much consideration to. The
www.intelligentcio.com
Bryan Hamman, Regional Director
at NETSCOUT
publicly-documented cases at Cool Ideas,
Cybersmart and various South African
public services illustrate that more and
more attacks can be expected. The
growing level and frequency of attacks
are not only limited to local ISP and
enterprises, but even global giants have
been taken down with successful attacks
against Google and AWS.”
Meanwhile, Matt Walmsley, Head
of EMEA Marketing at Vectra, says
extortion is a well-established approach
for cyber criminals and is used through
tactics that include threatening denial of
service, doxing, and ransomware.
“In the reported case of the city of
Johannesburg, the four Bitcoin ransom
(circa US$30,000) is meaningful but not
particularly high and so may be pitched
at that level to encourage a decision
to pay,” he said. “Cyber criminals are
increasingly making rational economic
decisions around targeting organisations
and demand ransom levels that they
believe will have a higher likelihood of
payment. All too often we are reminded
that defensive controls are imperfect, and
the ability to quickly detect and respond
to live attacks that have successfully
penetrated an organisation can make the
difference between a contained incident
and damaging breach.”
INTELLIGENTCIO
65