CIO OPINION
Why a set it and forget it security solution does not exist, and why multi-layered cybersecurity is still necessary?
Many African enterprises still consider cybersecurity a grudge purchase. What is worse, these businesses allocate funds after an incident or after a regulatory change forces their hands. The normalisation of the hybrid work environment has also contributed to a false sense of security.
Often, organisations think their traditional perimeter and endpoint security solutions are adequate even after migrating their data and applications to cloud environments.
In practice, the cybersecurity landscape has become cluttered with vendors trying to outdo each other with confusing acronyms and overlapping features. This has resulted in a fragmented array of security solutions. It could be argued that the industry needs regulation of its own to categorise vendors and products.
At least then, it will be easier for consumers and organisations to get clarity on what they are using and what they are buying. Having said that, this approach could be detrimental to one of the best ways to strengthen a company’s defences, which is adopting a multi-layered cybersecurity approach.
Even though the hype surrounding machine learning and AI has resulted in decision-makers expecting a set it and forget it security solution, the reality is quite different. Detecting advanced persistent threats relies on correlating indicators of compromise (IoC) and subsequent threat hunting to investigate anomalies. There is a growing consensus that network traffic analysis, such as firewalls, switches with NetFlow, sFlow or SPAN, endpoint detection and response telemetry, cloud service provider logs, in-house server and workstation audit logs, and event logs need to be consolidated and correlated.
A Secure Access Service Edge solution has almost become a requirement to manage and monitor hybrid workers effectively. Historically, enterprises have achieved this through a Security Information and Event Management (SIEM) solution, coupled with an in-house Security Operations Centre.
Small and medium-sized businesses can access similar Managed Detection and Response services from MSSPs, though these often do not cover the full scope of services an in-house SOC provides.
Extended Detection and Response solutions attempt to persuade clients to adopt a single solution to address these challenges. However, these solutions are often vendor-specific with limited integrations, whereas SIEM and SOC solutions offer far greater compatibility in data ingestion.
There is no one-size-fits-all solution for cybersecurity. The key to effective security lies in a comprehensive, multi-layered approach that incorporates the best tools, frameworks, and practices.
David Herselman, Managing Director, inq. South Africa
inq. South Africa, formerly known as Syrex, specialises in the installation and support of Open Source, Microsoft, virtualised, and hybrid network infrastructures.
ransomware activated yet, the recovery process involves regaining control of compromised systems and conducting a thorough investigation to identify and close security gaps.
This often requires a scorched earth approach, where systems may be deliberately broken to eliminate the attacker’s foothold. It is essential to act quickly, communicate effectively with stakeholders, and employ rigorous crisis management strategies.
Human-operated ransomware represents a formidable challenge for businesses, requiring a proactive and multi-layered defence strategy. By understanding the sophisticated tactics of these attackers and implementing robust security measures, businesses can better protect themselves from the devastating impact of human-operated ransomware.
The key lies in continuous vigilance, employee training, and a swift, decisive response to any signs of intrusion.
NEC XON is an African integrator of ICT solutions and part of NEC, a Japanese global company. NEC XON has operated in Africa since 1963 and delivers communications, energy, safety, security, and digital solutions.
NEC XON has experience in helping businesses to thwart human-operated ransomware attacks through swift responses. For instance, one African government entity, upon detecting an impending attack, called for support and NEC XON managed to regain control by methodically identifying and eliminating the threat actor’s access points. This involved a comprehensive sweep of their systems over several days, isolating and addressing every potential vulnerability.
INTELLIGENTCIO AFRICA www.intelligentcio.com