For the last 20 years, national governments across the world have dedicated increasing amounts of attention and time to cybersecurity strategies at the state level. A broad range of threats has been discovered across all sectors, including critical infrastructure and sovereignty, the activity of private firms, and, at the individual level, identity, and data theft.
All nations face similar challenges as technology generally moves faster than regulation and new mandatory processes. In addition, the emergence of the Internet of Things (IoT) networks, near-universal internet use, and a reliance on online services, among other factors, has meant a greater number of potential attack vectors. Cybercrime is so rife it can be described as an industry in its own right.
In 2012, to meet the rising threats, the South African government created a National Cybersecurity Policy Framework (NCPF). The policy sets out measures and standards for coordination across government bodies. It also began a process of greater regulation in terms of private and public entity data management. But it wasn’t until 2018 when reporting cyber-attacks became mandatory, and companies became financially liable.
In many ways, South Africa’s cybersecurity statistics from the last ten or so years are fundamentally unreliable because of the lack of regulation, and since 2018, there has been an unsurprisingly marked increase in the number of attacks. At the state level, the development of a comprehensive cybersecurity plan was further hindered by shifting priorities and, as some commentators note, poor governance.
Come 2020 and the coronavirus pandemic has highlighted many of these failings. According to the Ponemon Institute, South Africa is ranked among the top five most-attacked nations in the world.
The current climate makes us prime targets for both misinformation and intercepted data. Imagine, if you will, the millions of data transmissions sent every day from people working from home on networks that represent potential vulnerabilities because of the increased number of access points.
Additionally, with a populace poised to fall for the kind of socially engineered attacks threat actors frequently employ, the nation is facing a double pandemic of sorts, with one virus rather more tangible, while the virus of cybercrime lingers unseen but still highly dangerous.
Hendrik Fourie, a cybersecurity manager at Blue Turtle, notes: “As a country, we have a real problem with cybersecurity, which speaks to the ease at which cybercriminals believe they can infiltrate our security defenses.”
Staying safe and secure online is largely a matter that individuals and companies must face alone, as state measures can only stretch so far. Plus, as we’ve seen, state measures can leave a lot to be desired. To avoid falling victim to one of the 577 attempted malware attacks that happen in South Africa every hour, tight cybersecurity strategies are a must, for individuals and businesses alike.
5 Essential Cyber Security Strategies
Remote worker security
The sudden shift to remote working and an increase in the number of employees working on personal devices spells trouble for companies, and for individual staff members who may be held accountable for their lack of best practices and/or failing to follow cybersecurity protocols. With many companies already facing financial trouble courtesy of COVID-19, mitigating the risk of a dispersed, decentralized workforce is essential.
- Wherever possible, supply employees with work devices to limit the use of personal computers for work practices.
- Establish a remote worker cybersecurity policy. Use a security expert if necessary.
- Supply remote staff with antivirus, antimalware, enterprise-level firewall protection, and any other security software that the business needs.
- Ensure all staff is working on a Virtual Private Network (VPN) to shield their activity from any prying eyes and to encrypt data transmissions.
- Use email scanners to detect malware masquerading as legitimate emails.
Use multi-factor authentication
The days when a single sign-in sufficed are long gone. Nowadays, all accounts, whether personal or business-related, need to be secured with two-factor or multi-factor authentication.
Make sure the basics are adhered to
Despite constant warnings from cybersecurity professionals, too many individuals and companies fail to adhere to basic digital hygiene practices.
- Use long and strong passwords of at least 12 characters. A mix of upper and lower-case letters, numerals, and special characters is essential.
- Get a password management system, such as LastPass to keep all account info in a safe vault.
- Sign out of accounts when finished.
Enable updates, always
Updates allow software manufacturers to patch any critical security issues. But they’re only effective if they are actually installed. Companies should ensure all devices have automatic updates enabled. Individuals should consider doing the same. It’s particularly important that operating systems (OS) are kept at the latest release.
As mentioned earlier, criminals are profiteering from the havoc caused by the pandemic and are seeking to cash in with a number of novel phishing attempts. Learning what phishing is and how to detect it can significantly decrease the risk for enterprises and individual users alike. Look out for the telltale signs:
- Poor grammar.
- Logo and/or branding look a little off, or wrong somehow.
- A sense of urgency.
- Emails/text messages that ask you to enter account credentials.