May 16, 2024

Before, during, and after: How SA organisations can best counter and respond to cyberthreats

By Prenesh Padayachee, Chief Digital Officer at SEACOM

Whether you’re running a small business or a giant multinational, cyber resilience must be treated with equal seriousness and attention. Enterprises and institutions cannot afford to disregard the ability to prevent, withstand, and recover from cybersecurity incidents.

Just this year, South Africa’s Companies and Intellectual Property Commission (CIPC) announced it had suffered an attempted security breach that threatened the personal information of the commission’s employees and clients. This led to the commission shutting down its IT systems and completing subsequent maintenance, but not before it complied with all regulatory requirements and informed parties, including the Information Regulator and State Security Agency.

Such incidents demonstrate how organisations need to have protocols and a response plan in place for potential breaches. To do that, they need an understanding of the correct course of action, what’s expected of them, and how to best mitigate threats to business continuity, performance, and assets.

Fortified walls and minds

“Is my organisation adequately prepared to respond to a breach?”

Cybersecurity encompasses several practices, ranging from the installation of off-the-shelf software to specialised hardware and architectures that best protect your data and systems. It includes securing your network, using solutions such as data loss prevention (DLP) and identity access management (IAM), and securing company devices such as laptops with endpoint security products that protect them against phishing and ransomware attempts.

Data backups are also essential, consolidating everything from electronic spreadsheets to manufacturing and operational technology (OT) data. Keep in mind that software applications can be replaced, so when it comes to backups, company data should always take priority.

Second to investing in cybersecurity is investing in culture. An effective security culture is critical in countering an ever-changing threat landscape, and it cannot take hold without buy-in from an organisation’s leadership team. Leaders need to foster an environment of responsibility and accountability, and of continuous learning through training and cross-departmental collaboration.

Organisations can further reinforce this culture with the help of a dedicated security operations centre (SOC) that continually monitors and analyses their overall security posture. SOCs and other such efforts are proactive in execution, and they get an organisation ready to counter any cyberthreat.

Keep calm, and take action

During a breach, organisations need to make sure internal communication is clear and concise, that all channels are open, and that there are no information silos, i.e. departments or teams that are not fully aware of the situation.

Ideally, organisations should have a designated communications system that does not rely on their IT infrastructure and would not be compromised along with it. Organisations should also make all affected stakeholders, including end customers and regulatory bodies, aware of the incident and regularly update them on the situation.

There also has to be prioritisation. Organisational leadership needs to determine what the top priorities are in the event of a failure or disruption. Know which systems need to be rebuilt or recovered first, or where teams need to focus their recovery efforts. Know which system dependencies need to be restored first.

Leadership should also work closely with their IT teams to ensure business continuity, while giving them the space to complete priority tasks without distractions or inconsequential assignments.

When the dust settles…

“What are my objectives and obligations in the wake of a breach?”

Kickstarting the recovery process, organisations or their IT service providers need to determine the extent of the damage and quantify any losses they may have incurred. This is in addition to formulating a timeline of events, documenting how the incident occurred and who it affected.

A successful recovery process is one that achieves a return to normality, where it’s business as usual for the organisation. In the interim, IT teams can restore functionality and assets by replacing or cleaning data drives and downloading any lost data from a backup. Teams can also activate cloud-based replicas of their network environments to keep business going during the investigation process.

Of course, one must always learn from experience. In the wake of an incident, organisations should, at minimum, implement preventative measures or conduct further vulnerability tests to ensure the incident does not take place again. Assess what vulnerabilities or weak spots there may be in your security culture and investigate personnel behaviours that need to be discouraged. All this and more lets you and the enterprise learn more about what happened, and what needs to happen next.

South African enterprises need to know they’re not alone when it comes to fending off cyberattacks. By collaborating with trusted security vendors, and seeking out the right solutions and expertise, enterprises can reinforce their cyber posture and resilience and equip themselves for anything that comes their way.