Looking to enhance cybersecurity? Five top tips for business leaders
It’s been a grim year in cybersecurity for South Africa. Early in 2024, the Companies and Intellectual Property Commission (CIPC), which holds sensitive information about businesses across the country, was cagey after it suffered what it described as an ‘isolated’ attack.
A systems hack at the Department of Justice and Constitutional Development (DJ&CD) affected child maintenance payments. In June, the National Health Laboratory Service (NHLS) suffered a serious cyberattack disrupting healthcare across the country.
In July, the precious metals miner and processor, Sibanye-Stillwater, suffered a breach contained by isolating affected systems.
The State of Ransomware 2024 report from British security software and hardware company Sophos found that South African organisations rank behind only those in France as targets.
In 2024, France had the highest incidence of ransomware attacks, with 74% of respondents indicating they had been targeted in the past year, followed by South Africa at 69% and Italy at 68%.
Meanwhile, INTERPOL’s latest cybersecurity report on Africa notes that “during a single week in February 2023, INTERPOL private partner Kaspersky reportedly detected over 300 cases of ransomware attempts in South Africa.”
Yet, all too often, we are lulled into treating cybersecurity as a nice-to-have, a secondary consideration, right up until it becomes the most important thing in our world. More than most, South African businesses need to shore up their defences against bad actors.
Cyber-attacks can result not only in data breaches but in material losses, damage and destruction of systems and databases, ransom demands, and, potentially, a reputational crisis, litigation, legal liability, damages and fines. Not only do business, governmental and non-profit organisations hold a wealth of sensitive data, but they’re vulnerable to being shut down by hackers using ransomware. The choice: to allow customers’ lives to be disrupted or their security compromised, or to pay up.
All of which begs the question: how can South African organisations continue to enjoy the many benefits of digital technology if they don’t prioritise security?
Well, let’s start with five tips from AWS for business and non-commercial organisations that want to enhance their cybersecurity. Most of these can be implemented at little or no cost.
- Document your security policy – Give all your employees a clear and simple reference point. Outline a set of standards to which everyone must adhere to maintain good cybersecurity. Communicate your policy throughout your organisation and make it easily accessible to everyone. The policy should include the following four tips as actions for all personnel.
- Everyone must use unique login credentials – You wouldn’t have 1234 as your bank PIN number, would you? We should be no less diligent at work. All employees must be required to use unique credentials with passwords that are strong, both in length and complexity, for all work-related login functions. Set rules for good password creation and stop bad actors unlocking multiple doors across an organisation using just one set of credentials.
- Keep admin rights, permissions and privileges tight – Make sure that you only give colleagues privileges to the IT systems and functions that are necessary for their roles. Start with an audit of existing privileges, establish a system for documenting any new permissions and perform regular access reviews. Your organisation can use cloud services such as IAM and Cognito to manage and monitor access rights easily.
- Back up your systems on the cloud – If you’ve ever had a device fail on you and take all your pictures, conversations and emails with it, you’ll know how devastating that can be. Using a cloud backup is essential for all organisations and ensures data is secured, recoverable and can’t be easily deleted by bad actors. AWS Backup provides cloud-native backup services for a wide range of organisations’ key data stores, such as buckets, volumes, databases and file systems, across AWS services.
- Foster a blame-free culture – Good cybersecurity requires that everyone in your organisation feels able to come forward if they think there’s a problem or if they have potentially been compromised. So, avoid blame when things go wrong. Phish-testing, where the organisation sends employees fake phishing messages, does little for security and can seriously damage morale. Instead, drive greater awareness and encourage a positive, security-orientated mindset.
The five principles above are a good starting point to mitigate risks. After all, we don’t insure our homes in the expectation that we’ll be robbed or there will be a fire, but simply in case the worst happens. Putting these tips into action, together with a leadership that’s fully behind necessary investments in cybersecurity and fostering a “security culture” among colleagues, will help guard against future threats.
“If you really want to drive change, look to your leadership. Cybersecurity isn’t just about technology: it starts at the top,” says Orlando Scott-Cowley, public sector tech and business development manager at AWS. “Leadership must own and foster a culture which supports cybersecurity.”