On a recent visit to BDO in Norway, it struck me that many South African businesses and organisations are increasingly exposed to cyberthreats and vulnerabilities of which they are blissfully unaware. There is no doubt that we find ourselves in an age where highly technical targeted cyberattacks are the order of the day — and South African executives don’t take these threats seriously enough.
The question board members — CEOs, chief financial officers and chief operating officers — should be asking is not “if” your company has been breached, or even “when”. Having seen the level of sophistication associated with the attack vectors and methodologies, I have no doubt that most South African businesses must now accept that it has already happened to them.
The real issues that must now be addressed at board meetings deal with the capability of the business to timeously detect and deal with the inevitable attacks. Two key issues need to be considered when dealing with the current cyberthreats:
- Appropriate design and implementation of cybersecurity defence systems; and
- The capability to detect and respond to IT security threats and breaches with appropriate levels of depth.
The core feature of SOC/SIEM/CERT technologies is the ability to gather security data from all the critical assets residing on the business’s network and to present that data as actionable information via a single interface. This provides a vast array of benefits by allowing security teams to gain a complete understanding of the IT assets’ security status, prioritise security incidents and demonstrate compliance with regulations much more efficiently.
My experience with South African company management has highlighted a degree of blissful arrogance associated with a lack of understanding of the current threats. It is interesting to examine the behaviour of a CEO delivering an address to the press following an attack and breach. The core issues are seldom addressed, and CEOs often skirt around the issues.
The European Union took a step forward on 15 June 2018 in establishing a new bloc-wide cybersecurity agency and enacting a new certification framework that advocates say will create a food label-type standard promising a level of data security on products such as connected cars and smart medical devices.
At a meeting in Luxembourg, the European Commission’s Telecommunications Council agreed on a “general approach” to a proposed law that would establish an EU Cybersecurity Agency to help member states respond to cyberthreats. The Cybersecurity Act would also create a process for connected devices EU-wide to obtain safety certifications similar to food labels. The meeting paved the way for the law to be finalised by the end of 2018 after negotiations with the European parliament, the commission said.
The new cybersecurity agency, revealed by European Commission President Jean-Claude Juncker in his annual state of the union address in September 2017, would be established out of the existing European Agency for Network and Information Security (Enisa). The agency plans to organise annual EU-wide cybersecurity exercises and put in place channels to share information on cyber threats throughout the EU.
As threats continue to evolve, so too must the processes around leading technologies to provide a business-focused SIEM/SOC-managed mitigation service that will evolve with an organisation’s needs and the constantly changing cyberthreat landscape.
It is time for South African executives and government officials to follow the example of the EU in strengthening cybersecurity.
- SOC — Security Operations Centre; SIEM — Security Information and Event Management; CERT — Computer Emergency Response Team
- Graham Croock is director, BDO IT Advisory and Cyber Lab
