The war on the web: Are organisations ready for battle?

It’s a classic movie plot. A Neolithic human somehow time travels to the twentieth century and finds himself in a buzzing modern-day metropolis. He’s at once terrified and intrigued by some of the marvels he encounters: Almost unimaginable inventions such as brightly lit billboards, elevators, TVs and toasters. It’s easy to imagine how fantastical some of our modern-day inventions would seem to someone living millennia ago, but people living one hundred, or as recently as twenty years ago, would be equally awestruck by the things that are now part of our everyday lives: Video calls, WiFi and autonomous cars.

People have always met technological advancement with mixed feelings. There’s a sense of wonder at what humans can achieve, accompanied by a sense of horror at what humans can achieve. Take the invention of the aeroplane: That timeless, universal dream of flight was finally realised with the Wright brothers’ famous first in 1903. But as the Enola Gay dropped her deadly cargo on Hiroshima just 42 years later, it showed that the dream could also become a nightmare.   

Today, the internet is one of humans’ most powerful tools – and weapons. Even mightier, it would seem, than a nuclear bomb, considering scenarios such as the Obama-era “Left of Launch” programme that included a cyber strategy to beat nuclear threats.

It’s therefore important to remember that, just as social engineering has developed at a dizzying pace, so has cyber crime. The wonderfully wide worldwide web is a double-edged sword that enables organisations to work better and faster than ever before, but also puts them increasingly at risk. The ability to digitise and centralise data is great for business, because it speeds up service, vastly improves efficiency and ultimately boosts bottom lines. On the other hand, it also opens up more opportunities for hackers to do some serious damage. Take, for example, last year’s Master Deeds breach: 33 million South Africans’ private records, including their ID numbers, incomes and home addresses, were leaked onto the internet. More recently, Liberty Life suffered an attack that potentially exposed millions of their clients’ sensitive data. In an ongoing investigation by US intelligence forces, staggering reports are revealing how Russian hackers might have used tactics such as phishing to meddle in the 2016 US election and help sway votes in Trump’s favour, thereby changing the course of history.

Yet, despite the fact that the internet is the twenty-first century’s trenches, many organisations are not ready for battle, and it’s estimated that 37% of companies have either no cyber security staff members or a maximum of two. Unsurprisingly, a staggering 62% of organisations report receiving more alerts than they can handle. Another case in point: There are 19 security domains that need to be carefully guarded, including security threat analysis, cloud security, network security, mobile device security and firewall configuration. But in general, only seven of them are driven by organisations’ security teams.

There are two types of organisations: Those who know their company has been breached, and those who don’t see it coming. And that’s an expensive oversight. A recent report by IBM showed that the average cost of a data breach in South Africa is R36 million per incident. The same report also showed that the average response time is an alarmingly tardy 150 days.

Most hacks happen because organisations aren’t looking for them and don’t understand the behaviour on a platform or in their environment. While there are highly sophisticated and effective security solutions out there, education should therefore be the very first step when it comes to fortifying an organisation against threats. The buck doesn’t stop with the security team. Everyone, from executives right down to the ground staff, should be armed with knowledge so that they know what to look out for and how to keep the wolf from the door. It’s about going back to basics and brushing up on the principles of security before investing in the latest and greatest technology.

To improve their response time and minimise potential losses, organisations should find out what’s going on in their environments right now. They have to ask themselves – What’s happening on the mobile phones, tablets or laptops that are logged onto our networks? Who and what has access to these devices? Will our ICT staff know how to identify compromises or respond to them? If they can’t answer these questions, they’re at risk.

The fact is there’s a thin line between technology being humanity’s shiniest new tool and it becoming a weapon of mass destruction. When organisations use it for good, they also need to understand how it can be used against them. In other words, they must think like a hacker. That’s when knowledge becomes a powerful force on the digital battleground.

Lastly, organisations should question their level of preparedness and regularly test their security systems. The ancient wisdom of Sun Tzu’s Art of War still rings true: “The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.”
