- Market report: Storm of disappointing developments keep investors cautious
- AFSIC – Investing in Africa – more than just a conference
- AFSIC interview with Chris Chijiutomi, MD & Head of Africa, British International Investment
- 18th Edition Connected Banking Summit – Innovation & Excellence Awards - West Africa 2024.
- AFSIC - 5 Weeks to Go - Join our Africa Country Investment Summits
Cybercrime in East Africa targeting local business
LAGOS (Capital Markets in Africa) – Although the majority of East African institutions and businesses are investing in their security infrastructure, many are doing so in the wrong places.
A recent report by Control Risks has revealed that Government, followed by telecoms and financial services are at most risk in East Africa. Of note is that the report shows that attacks are not only carried out against multinationals operating in the region – a common misconception, but East African businesses are fast becoming the target.
“What we have seen is that the majority of East African businesses are not investing in the right areas for todays’ threats. With cybercrime costing Kenya alone two billion shillings, the battle has shifted and businesses need to seriously worry about highly motivated human adversaries,” says Mark Campbell, consulting engineer for sub-Saharan Africa at Arbor Networks, the company that helps secure the world’s largest enterprise and service provider networks from distributed denial-of-service (DDoS) attacks and advanced threats.
He explains that these modern day foes do things that can’t be stopped purely with technology. “For instance, modern adversaries do their reconnaissance in a ‘human’ way to build an understanding of their targets’ technologies, processes and people. They will use social media to understand the staff, affiliates and partners. They watch for press announcements about your technology upgrades. They will then rent the similar equipment, online or physically, to craft and test their attacks against,” he says.
Campbell adds that all of this points to a fundamental problem with “traditional” security infrastructure. That is, the attacks do not rely purely on malware anymore or the use of stolen credentials. “Threat actors will use business partners to get inside your environment or supply chains linked to your business. Traditional security infrastructure relies on a ‘detect and response’ strategy. It tries to sort events into priority lists, where incident responders (IR) will focus on high priority alerts first. The human adversary doesn’t work in a way that can stopped by a ‘detect and response’ strategy. Leading organisations have moved to a ‘seek and contain’ strategy,” he continues. “These invest in more forward leaning strategies, which involve threat hunting. This uses the human defence element, the incident responders’ brains instead of relying purely on technology.”
In addition, Campbell highlights that the real dangers posed by cybercrime to East African organisations are multifaceted. “For instance, the current trends are for attackers to use all weapons at their disposal to maximise chances of success,” he says. “They use combined arms, like in conventional warfare where a region is bombed before invasion, because this grants them much better chances of success. In cybercrime, it is similar, where attackers use DDoS attacks to disguise their ‘invasion’. So the dangers to the region’s organisations can be that of a total breach of their availability, confidentiality and integrity, on all fronts, like reputation, data and business fronts.”
Whether East African businesses have the skills to cope with increased security threats depends on how they use their key resources: their people, Campbell points out. He says that in the traditional security approach, businesses train or shape the skill set of their people to fit to technology they have in place, or are investing in. “They should rather look at their peoples’ skills and match that to the technology instead,” he highlights.
“The rise of mobile malware and the Internet of Things will also have an impact on security strategies within East African organisations.” Campbell believes that there will be greater focus and emphasis placed on network and traffic visibility.
“You cannot protect what you cannot see. Looking at mobile malware, you need to understand what the devices are that connect to your network, and what they are doing. The Arbor Worldwide Infrastructure Security Report (WISR) stated that 40 percent of our survey respondents had nothing in place to monitor BYOD. They have policies around BYOD but no way to monitor the activity of these devices. Security strategies need to do more in getting visibility into networks and the movement of data. For instance, understanding who gets access to the infrastructure and data and what are they doing with it.
“As organisations move data from their internal data centres into the cloud, Cloud Access Security Brokers (CASB), which act like reverse proxies, are involved in the Digital Rights Management (DRM) and control of who can see what data, who can download and view, or who can retain and read it offline, or if it can only be accessed while online,” concludes Campbell. “Modern security strategies need to define these granular policies: what is sensitive data, who accesses it and how can it be accessed. This is mostly driven now because of data moving to the cloud, but why did organisations not do this internally when data was kept internal to their networks?”
This article features in the October Edition of INTO AFRICA Magazine, a special focus on the Banking Sector in Africa, with an overview of the current trends and opportunities in the Sector.