The Attacks From All Angles 2021 Mid-year Cybersecurity Report by Trend Micro highlighted a 47% year-on-year increase in email threats as well as malicious files and URLs in the first quarter of 2021 globally.
South Africa’s technology landscape is almost identical to that of other countries, which has seen black hat hackers using it as a testing ground for cybersecurity attacks before these are launched on their intended end-users.
Ransomware Remains the Prime Threat
Globally, ransomware remained the standout threat in the first half of the year. The pandemic has highlighted how easy it is to buy ransomware as a service (Raas) on the dark web.
Africa accounted for 1.7% of these attacks, with 1.05% being targeted at South Africa. Our findings show that locally, South Africa was in the top 30 countries in the world (#27) to be targeted by malware attacks, and in the top 20 (#19) to fall victim to email threats related to COVID-19.
The latter was also off the back of a 4% global increase in Business Email Compromise (BEC) attacks.
How Much is South Africa Spending on Security?
Cybersecurity spend among Trend Micro’s customer base in South Africa has increased by between 30-40% year on year, alongside an uptick in new customers.
We expect to see the maturity of these customers increase sharply in the coming year because it’s no longer a case of if you are going to fall victim to cybersecurity breaches, but rather a case of when.
Pre-pandemic, when most of the workforce was office-based, it was easier to secure endpoints and a company’s data centre. Traditional perimeter security has disappeared. It is now found wherever your workforce is located – at their homes, in hotel rooms, coffee shops, or coworking spaces.
Now, the task requires moving workloads to the cloud and securing every employee, their homes, and personal mobile devices, all of which have become companies’ new data centres.
This has seen Virtual Private Networks (VPN) usage reached an all-time high in 2020. However, this sudden shift to the cloud and global reliance on VPNs has also seen an increase in phishing emails that appear to come from IT asking for admin login credentials, fake installers embedded within malware, and malicious link baiting.
What is Virtual Patching?
The transition from on-premise to cloud-based working platforms has made virtual patching invaluable, and yet it remains a very big challenge within the South African context that requires urgent attention.
Much like a plaster that is placed over a wound, virtual patching allows the cybersecurity team to secure the company’s identified vulnerabilities, while the COS team restarts their servers and machines post update.
Cybersecurity Processes Must Be Streamline But Still Reliable
As cybersecurity threats continue to increase in frequency and sophistication, Security Operations Center (SOC) teams must streamline their security processes without sacrificing reliability.
One way to do that is through Endpoint Detection and Response (EDR), which continually monitors and responds to mitigate cyber threats. EDR acts like a CCTV camera that records all the activities that occur at an endpoint.
While it might not be able to prevent a cybersecurity threat, it can playback the breach to strengthen cybersecurity retrospectively and secure any vulnerabilities from future attacks.
Another approach is the Zero Trust model, which recognises that trust may be a vulnerability. It only authorises selective access to employees and devices based on the least required access that is needed to perform tasks to prevent cybersecurity threats.
It is vital to consider the people, process, and technology trifactor upon which cybersecurity is built. Despite having access to the latest cybersecurity technologies and an internal COS team that is supported by third-party cybersecurity suppliers, buy-in and know-how from the employees within the organisation is key.
By Zaheer Ebrahim, Cyber Security Consultant at Trend Micro.