Cybercrime in South Africa: The battlefield has shifted
Jun 27th, 2016
Although the majority of South African businesses are investing in their security infrastructure, many are doing so in the wrong places. “South African businesses are not investing in the right areas for today’s threats. The battle has shifted and businesses now need to worry about highly motivated human adversaries,” says Mark Campbell, consulting engineer for sub-Saharan Africa at Arbor Networks, the company that helps secure the world’s largest enterprise and service provider networks from distributed denial-of-service (DDoS) attacks and advanced threats.
He explains that these modern-day foes do things that can’t be stopped purely with technology. “For instance, they do their reconnaissance in a human way to understand your technologies, processes and people. They will use social media to understand your staff, affiliates and partners. They watch for press announcements about your technology upgrades. They will then rent the equipment, online or physically, to craft and test their attacks against,” he says.
Campbell adds that all of this points to a fundamental problem with “traditional” security infrastructure. That is, the attacks no longer rely purely on malware or the use of stolen credentials. “Threat actors will use business partners to get inside your environment, or supply chains linked to your business. Traditional security infrastructure relies on a ‘detect and respond’ strategy. It tries to sort events into priority lists, where incident responders (IR) will focus on high priority alerts first. The human adversary doesn’t work in a way that can be stopped by a ‘detect and respond’ strategy. Leading organisations have moved to a ‘seek and contain’ strategy,” he continues. “They invest in more forward-leaning strategies, which involve threat hunting. This uses the human defence element, the incident responders’ brains, instead of relying purely on technology.”
Campbell highlights that the real dangers posed by cybercrime to South African organisations are multifaceted. “For instance, the current trends are for attackers to use all weapons at their disposal to maximise chances of success,” he says. “They use combined arms, like in conventional warfare where a region is bombed before invasion, because this grants them much better chances of success. In cybercrime, it is similar, where attackers use DDoS attacks to disguise their ‘invasion’. So the dangers to South African organisations can be that of a total breach of their availability, confidentiality and integrity, on all fronts, like reputation, data and business fronts.”
Whether South African businesses have the skills to cope with increased security threats depends on how they use their key resource: their people, Campbell points out. He says that in the traditional security approach, businesses train or shape the skill set of their people to fit the technology they have, or are investing in. “They should rather look at their people’s skills and match the technology to that instead,” he highlights.
“The rise of mobile malware and the Internet of Things will also have an impact on security strategies within South African organisations.” Campbell believes that there will be greater focus and emphasis placed on network and traffic visibility.
“You cannot protect what you cannot see. Looking at mobile malware, you need to understand which devices connect to your network, and what they are doing. The Arbor Worldwide Infrastructure Security Report (WISR) stated that 40 percent of our respondents had nothing in place to monitor BYOD. They have policies around BYOD but no way to monitor the activity of these devices. Security strategies need to do more in getting visibility into networks and the movement of data. For instance, understanding who gets access to the infrastructure and data and what they are doing with it.
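The visibility gap Campbell describes, a BYOD policy with no way to see what unmanaged devices are doing, is the kind of thing a defender can start closing with flow records and a device inventory. The following is an added example written for this article, not Arbor code or anything from the WISR: it takes constructed flow records (the field names, the inventory and the 100 MiB threshold are assumptions for illustration), identifies devices that are not in the managed inventory, and reports which internal services they touch and how much they send to external addresses.

```python
import ipaddress

# Constructed sample data (assumption): managed-device inventory keyed by MAC address.
MANAGED = {
    "aa:bb:cc:00:00:01": "finance-laptop-07",
    "aa:bb:cc:00:00:02": "hr-desktop-12",
}

# Constructed flow records, in the shape a NAC or NetFlow collector might export.
# Two MACs below are deliberately absent from MANAGED (unmanaged / BYOD devices).
FLOWS = [
    {"src_mac": "aa:bb:cc:00:00:01", "src_ip": "10.0.5.21", "dst_ip": "10.0.1.10",
     "dst_port": 445, "bytes_out": 120_000},
    {"src_mac": "de:ad:be:ef:00:99", "src_ip": "10.0.5.77", "dst_ip": "10.0.1.10",
     "dst_port": 445, "bytes_out": 8_000},
    {"src_mac": "de:ad:be:ef:00:99", "src_ip": "10.0.5.77", "dst_ip": "93.184.216.34",
     "dst_port": 443, "bytes_out": 950_000_000},
    {"src_mac": "aa:bb:cc:00:00:02", "src_ip": "10.0.5.30", "dst_ip": "151.101.1.140",
     "dst_port": 443, "bytes_out": 2_000_000},
    {"src_mac": "02:11:22:33:44:55", "src_ip": "10.0.5.91", "dst_ip": "10.0.1.22",
     "dst_port": 3389, "bytes_out": 40_000},
]

# Assumed threshold: 100 MiB sent to the internet by a single unmanaged device.
EXFIL_THRESHOLD = 100 * 1024 * 1024


def is_external(ip):
    """Treat anything outside private/reserved space as an internet destination."""
    return not ipaddress.ip_address(ip).is_private


def device_profiles(flows, inventory):
    """Group flows by source device and record where each device talks."""
    profiles = {}
    for f in flows:
        p = profiles.setdefault(f["src_mac"], {
            "managed": f["src_mac"] in inventory,
            "internal_dst": set(),
            "external_dst": set(),
            "bytes_external": 0,
        })
        if is_external(f["dst_ip"]):
            p["external_dst"].add((f["dst_ip"], f["dst_port"]))
            p["bytes_external"] += f["bytes_out"]
        else:
            p["internal_dst"].add((f["dst_ip"], f["dst_port"]))
    return profiles


def unmanaged_devices(flows, inventory):
    """MACs seen on the wire that are not in the managed inventory."""
    return sorted(m for m, p in device_profiles(flows, inventory).items()
                  if not p["managed"])


def findings(flows, inventory, threshold=EXFIL_THRESHOLD):
    """Hunting output: what unmanaged devices reach internally, and large outbound transfers."""
    out = []
    for mac, p in device_profiles(flows, inventory).items():
        if p["managed"]:
            continue
        if p["internal_dst"]:
            out.append((mac, "unmanaged device reaching internal services",
                        sorted(p["internal_dst"])))
        if p["bytes_external"] >= threshold:
            out.append((mac, "unmanaged device with large outbound transfer",
                        p["bytes_external"]))
    return out


if __name__ == "__main__":
    print("unmanaged:", unmanaged_devices(FLOWS, MANAGED))
    for mac, reason, detail in findings(FLOWS, MANAGED):
        print(mac, "-", reason, "-", detail)
```

The point is not the thresholds but the data path: without a device inventory and flow export to join against, the "policy" in 40 percent of respondents' environments cannot produce any of these findings.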
“As organisations move data from their internal data centres into the cloud, Cloud Access Security Brokers (CASB), which act like reverse proxies, are involved in the Digital Rights Management (DRM) and control of who can see what data, who can download and view, or who can retain and read it offline, or if it can only be accessed while online,” concludes Campbell. “Modern security strategies need to define these granular policies: what is sensitive data, who accesses it and how can it be accessed. This is mostly driven now because of data moving to the cloud, but why did organisations never do this internally when data was kept internal to their networks?”
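Campbell's closing question, why such granular policies were never defined for internal data, is easier to act on once the policy is written down as something that can be evaluated. The block below is an added illustration, not Arbor's or any CASB vendor's code: it encodes the three questions he lists (what is sensitive, who may access it, and how: view, download, or retain offline) as a default-deny policy table and evaluates requests against it. The labels, roles and the managed-device rule are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Constructed policy (assumption): for each sensitivity label, which roles may
# perform which action. "*" means any authenticated user. Anything not listed
# is denied, so a new label or action is closed until someone adds a rule.
POLICY = {
    "public":       {"view": {"*"},                       "download": {"*"},        "offline": {"*"}},
    "internal":     {"view": {"employee", "contractor"},  "download": {"employee"}, "offline": set()},
    "confidential": {"view": {"finance", "exec"},         "download": {"finance"},  "offline": set()},
    "restricted":   {"view": {"exec"},                    "download": set(),        "offline": set()},
}


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    doc: str
    label: str            # sensitivity label attached to the document
    action: str           # "view" | "download" | "offline"
    managed_device: bool  # whether the request comes from a managed endpoint


def decide(req, policy=POLICY):
    """Return (allowed, reason). Every denial names the rule that produced it."""
    rules = policy.get(req.label)
    if rules is None:
        return (False, f"unknown label {req.label!r}: default deny")
    allowed = rules.get(req.action)
    if allowed is None:
        return (False, f"unknown action {req.action!r}: default deny")
    if "*" not in allowed and not (req.roles & allowed):
        return (False, f"role not permitted to {req.action} {req.label} data")
    # Assumed rule: taking non-public data off the broker (download or offline
    # retention) is only allowed from a managed device; unmanaged gets online view.
    if req.action != "view" and req.label != "public" and not req.managed_device:
        return (False, "unmanaged device: online view only")
    return (True, "allowed")


def audit(requests, policy=POLICY):
    """Evaluate a batch and return the records a reviewer would want to see."""
    return [(r.user, r.doc, r.action, *decide(r, policy)) for r in requests]


# Constructed sample requests (assumption).
SAMPLE = [
    Request("alice", frozenset({"finance"}), "q3-forecast.xlsx", "confidential", "download", True),
    Request("alice", frozenset({"finance"}), "q3-forecast.xlsx", "confidential", "download", False),
    Request("bob",   frozenset({"contractor"}), "handbook.pdf", "internal", "view", False),
    Request("bob",   frozenset({"contractor"}), "handbook.pdf", "internal", "download", True),
    Request("carol", frozenset({"exec"}), "board-minutes.docx", "restricted", "offline", True),
    Request("dave",  frozenset({"employee"}), "mystery.bin", "secret", "view", True),
]

if __name__ == "__main__":
    for user, doc, action, ok, why in audit(SAMPLE):
        print(f"{user:6} {action:9} {doc:20} {'ALLOW' if ok else 'DENY ':5} {why}")
```

Nothing here depends on the data living in a cloud service; the same table answers the question for a file share, which is the point of Campbell's remark about internal data.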
For more information about Arbor in Africa, please contact Bryan Hamman at [email protected]