The war against cyber threats has never been more critical — or ferocious. The ever-growing number of sophisticated attacks on the horizon means organisations must evolve and adapt their cybersecurity strategies to protect their data, systems and reputation. NEC XON, a cybersecurity leader, is at the forefront of this fight, pioneering innovative approaches to enhance cyber defence and resilience.
The changing landscape: a call for vigilance
Recent findings from the Microsoft digital defence report have unveiled some alarming statistics. Human-operated ransomware attacks have surged by a staggering 200% and it’s not just large corporations that are in the crosshairs. Small and medium-sized businesses, with fewer than 500 employees, represent 70% of the organisations hit by these malicious attacks. Password-based attacks have also witnessed a significant spike, underscoring the need for organisations to adapt and prepare for the ever-evolving cyber threat landscape.
NEC XON’s cybersecurity strategy foundation lies in the core principles of threat detection, response and anticipation. Our proactive approach to threat anticipation is the new frontier of defence, where we calibrate our readiness based on known vulnerabilities and observed attack techniques. This approach empowers us to reduce risk gradually while fostering business transformation and innovation.
A real-world example
Consider this scenario. Organisation A falls victim to a cyberattack due to a compromised credential used to access its customer infrastructure via VPN without multi-factor authentication (MFA).
Threat anticipation is observing the attack tactics, going to all customers and partners and assisting them to enable MFA on VPN via a unified identity-centric strategy that is centrally controlled. Threat detection is detecting that there was an attempt to log into VPN via a compromised credential but was mitigated by MFA and additional controls applied as part of the identity-centric architecture.
Threat Response is disabling the identity that was compromised, changing its password and limiting its ability to log into any business application, protecting business assets and maintaining cyber resilience.
The role of cyber innovation
In a landscape where cyber threats are prolific, the ability to innovate cyber strategy is crucial. We adopt an adversary-centric mentality, allowing us to view our customers’ organisations through the eyes of modern adversaries. By anticipating attack opportunities in the process of threat modelling and mapping them against current safeguards, we can pre-emptively strengthen defences. Here’s a cheat sheet with some key tactics to remember:
Key tactics for cyber resilience
- Map and reduce your perimeter: Identify and secure all potential entry points for adversaries, from VPNs to public-facing systems and login interfaces with no MFA.
- Architecturally redesign your infrastructure: Implement network segmentation to limit lateral movement within your network and gain control over adversary pathways.
- Adopt a unified and identity-centric approach: Strengthen identity and access management (IAM) solutions to ensure MFA across the entire network.
- Reinforce privileged access control: Prioritise securing privileged access to seal off unauthorised pathways and closely monitor authorised access.
- Prioritise basic cyber hygiene controls: Implement fundamental cyber hygiene practices, such as changing default credentials and reducing over-privileged users and groups.
- Build a robust incident response plan: Prepare for cyber incidents with a well-defined response plan that includes communication, coordination and testing.
- Use a vigorous XDR solution: Implement extended detection and response (XDR) to correlate signals from various security products and execute rapid threat response actions.
- Maintain tested & isolated backups: Regularly back up critical data and applications, isolate them from the production environment and test their restoration.
- Educate and guide the board of directors: Ensure that the board understands the evolving cyber risks and aligns cybersecurity investment with a defence-centric strategy.
Cybersecurity is no longer just a matter of implementing security tools and services. It requires a holistic, proactive approach that incorporates threat anticipation, innovative thinking and a strong defence-centric strategy. NEC XON is at the forefront of this paradigm shift, leading the way in preparing for the cybersecurity challenges of tomorrow. In a world where cyber threats continue to evolve, our approach to threat anticipation is our first line of defence, ensuring that the pleasure of protection is all ours.
About NEC XON
NEC XON is a leading African integrator of ICT solutions and part of NEC, a global Japanese firm. The company has operated in Africa since 1963 and delivers communications, energy, safety, security and digital solutions. It co-creates social value through innovation to help overcome serious societal challenges. The organisation operates in 54 African countries and has a footprint in 16 of them. Regional headquarters are located in South, East and West Africa. NEC XON is a level 1-certified broad-based black economic empowerment business. Learn more at www.nec.xon.co.za.
- The author, Armand Kruger, is head of cybersecurity NEC XON
- Read more articles by NEC XON on TechCentral
- This promoted content was paid for by the party concerned