Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      The real cost of a cashless economy

      16 July 2025

      Larry Ellison, 80, is now world’s second richest person

      16 July 2025

      Solly Malatsi seeks out-of-court deal in TV migration fight

      15 July 2025

      South Africa’s telcos battle to monetise 5G as 4G suffices for most

      15 July 2025

      Major new electric car brand launching in South Africa

      15 July 2025
    • World

      Grok 4 arrives with bold claims and fresh controversy

      10 July 2025

      Samsung’s bet on folding phones faces major test

      10 July 2025

      Bitcoin pushes higher into record territory

      10 July 2025

      OpenAI to launch web browser in direct challenge to Google Chrome

      10 July 2025

      Cupertino vs Brussels: Apple challenges Big Tech crackdown

      7 July 2025
    • In-depth

      The 1940s visionary who imagined the Information Age

      14 July 2025

      MultiChoice is working on a wholesale overhaul of DStv

      10 July 2025

      Siemens is battling Big Tech for AI supremacy in factories

      24 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Meta bets $72-billion on AI – and investors love it

      17 June 2025
    • TCS

      TCS+ | MVNX on the opportunities in South Africa’s booming MVNO market

      11 July 2025

      TCS | Connecting Saffas – Renier Lombard on The Lekker Network

      7 July 2025

      TechCentral Nexus S0E4: Takealot’s big Post Office jobs plan

      4 July 2025

      TCS | Tech, townships and tenacity: Spar’s plan to win with Spar2U

      3 July 2025

      TCS+ | First Distribution on the latest and greatest cloud technologies

      27 June 2025
    • Opinion

      A smarter approach to digital transformation in ICT distribution

      15 July 2025

      In defence of equity alternatives for BEE

      30 June 2025

      E-commerce in ICT distribution: enabler or disruptor?

      30 June 2025

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Company News » 7 steps to defend your business against cybercrime

    7 steps to defend your business against cybercrime

    By Sibusiso Sishi3 September 2021
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Sibusiso Sishi, a cybersecurity specialist with IronSky, shares the playbook for keeping businesses safe against cyberthreats.

    Ransomware attacks have been on the increase in 2021, and so have the pay-outs criminals are demanding from the businesses they target.

    Even critical infrastructure, such as hospitals, electricity companies and water boards, have come under attack. Previously such facilities were considered “safe” as, should the infrastructure be compromised, human lives could be lost.

    The most public and consequential ransomware attack in 2021 (so far) was the one against Colonial Pipeline in the US, which shut down the company’s billing and halted the pipeline’s operation on the US east coast. The criminals stole nearly 100GB of data and threatened to release this information if they were not paid 75 bitcoin (R53-million at the time of writing). The criminals eventually made off with a pay-out of millions.

    Learn more at ironsky.co.za

    Closer to home, Transnet had over a terabyte of personal data, financial reports and other documents ransomed, according to news reports.

    Taking charge

    There are easy wins that can be implemented in organisations to improve their security posture, making it harder for criminals to breach their defences.

    1. Know your ICT network internally and externally
    Shadow IT and legacy systems placed in production and then forgotten about are a real risk to organisations.
    When employees bring their home devices onto the network or install applications without approval from the IT department, they can introduce security risks to through data leaks and compliance violations, or worse: infected devices or infected software. Shadow IT is not only devices and software on workstations but can also be cloud-based software such as Dropbox, Google Docs, Skype, e-mailing services and other third-party cloud solutions. Monitoring the network and understanding what users are bringing into the organisation or installing, and what third-party services users are utilising should be investigated and known.

    Legacy systems can introduce vulnerabilities and risks to the organisation, especially if they have been forgotten by the IT team. Identifying these, and starting a process to replace them, should be prioritised. If those systems cannot be replaced, the monitoring of ingress and egress traffic to these systems should be implemented, as well as access control lists to limit which systems can interact with these legacy systems.

    2. Implement a vulnerability management lifecycle
    Implementing a vulnerability management lifecycle is vital for the organisation as it can assist in identifying security weaknesses before they lead to a breach. Part of the vulnerability management lifecycle is to have an updated IT asset list and to be continuously scanning for new devices on the network for vulnerabilities, misconfigurations and threats.

    Another aspect of vulnerability management includes validating the urgency and impact of each vulnerability based on various risk factors and responding to the critical threats swiftly.

    3. Implement multi-factor authentication on all externally facing portals
    Users, willingly or unwillingly, create weak passwords for accounts, or share their credentials across multiple social media or third-party websites. The risk comes in when these third-party websites get breached, and those credentials get exposed.

    These credentials can be “replayed” across the Internet to see what other systems they have access to. By implementing multi-factor authentication — either by SMS or app (more secure) — there is another layer in the defence of the organisation to stop the criminal from gaining access. It helps, too, if users create weak passwords.

    4. Don’t give users local admin rights on their workstations
    Local administrator rights should be removed from users’ workstations. Ransomware thrives when it has access to a workstation where the user has local administrator rights as the ransomware obtains the same rights as the user and can therefore download and install other tools.

    Additionally, users who have local administrator rights may download malware and install it, as they do not know what is safe and unsafe. By removing the user as a local administrator on their workstation, companies can help keep the computer in compliance with the policy, such as what software may be installed and what shouldn’t.

    According to BeyondTrust’s Microsoft vulnerabilities report for 2021, “enforcing least privilege and removing admin rights eliminated 56% of critical vulnerabilities”. Fewer vulnerabilities mean fewer opportunities for attackers to compromise your network.

    5. Install Laps
    The “Local Administrator Password Solution” (Laps) provides management of local account passwords for domain-joined computers. Microsoft Laps works by randomising each local administrator password of all Windows endpoints. Laps is a great mitigation tool against lateral movement and privilege escalation as each Windows endpoint has a unique local administrator password that if compromised cannot be used to gain access to other Windows endpoints. The management of these passwords is done entirely through Active Directory components.

    6. Perform a compliance review on OS for workstation and server, and harden
    The goal of systems hardening is to further protect your organisation by reducing vulnerabilities in your applications, systems and IT infrastructure. Compliance reviews help to ensure that your workstations and servers are aligned to best practice as set out by the vendor, and that default configurations, that may hamper the security of the workstation or server, have been disabled.

    7. Ensure all service account passwords are long and complex and disable interactive logon
    Often, once the service account has its password set, it is forgotten. Frequently, IT staff do not know the password (which has likely never been changed since it was set many years ago). Attackers hunt for service accounts, as their passwords may be weak and these accounts have access to critical servers. Once the credentials of the service account have been compromised, we find that the service account has interactive logon, allowing attackers to have remote desktop sessions on servers.

    Ensure all service account passwords are long and complex, disable interactive logon and monitor the usage of service accounts.

    Everyone has the inalienable right to own and control their data. IronSky is an advisory service made to protect that right.

    • This promoted content was paid for by the party concerned


    Colonial Pipeline IronSky Sibusiso Sishi Transnet
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleStandard Bank throws down the gauntlet to M-Pesa
    Next Article Crypto watch | Polkadot, the sleeping giant?

    Related Posts

    More good news for South Africa

    19 November 2024

    The extraordinary cost of bailing out South Africa’s SOEs

    16 October 2024

    The crime problem crippling Eskom and Transnet

    4 September 2024
    Company News

    Mental wellness at scale: how Mac fuels October Health’s mission

    15 July 2025

    Banking on LEO: Q-KON transforms financial services connectivity

    14 July 2025

    The future of business calling: Voys brings your landline to the cloud

    14 July 2025
    Opinion

    A smarter approach to digital transformation in ICT distribution

    15 July 2025

    In defence of equity alternatives for BEE

    30 June 2025

    E-commerce in ICT distribution: enabler or disruptor?

    30 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.