Detecting and Defending against network threats

Armata assembles industry experts to delve into the level of cybersecurity required to keep organisations in business

 

JOHANNESBURG – Rather than be seen as an IT problem, it is high time organisations realise that cybersecurity is about protecting against – and reacting to – threats and attacks that could be material to stay in business. This was one of the key themes to emerge from Armata’s industry webinar, attended by well over 200 delegates, called Detecting and Defending Against Network Threats.

 

Armata’s executive head, seasoned cybersecurity expert Caesar Tonkin, kicked the event off in earnest by saying: “Cybersecurity is an essential part of running a business in today’s digital age, and this is about identifying and understanding the risks your business may face. Deep visibility into applications, users and devices are necessary to defend enterprise networks against cyber threats.

 

“Compounding the visibility problem,” he said, “is that almost all internet traffic is now encrypted. Organisations may have unknown network blind spots as they shift from hub and spoke to distributed models such as SD-WAN with direct internet access at sites. Malicious actors can exploit these network gaps, hiding threats in encrypted traffic.”

 

This set the tone for an intriguing, if not urgent in the level of importance, webinar that also included Dr Bright Gameli Mawador, cybersecurity lead at Mara in Kenya, independent cybersecurity expert Rishard Baderoon, Fortinet expert Marc Hamilton Nel and Vishvas Nayi, solutions architect at CyberQ Group in the UK. Assembling a panel of highly accomplished cybersecurity experts is aligned with Tonkin’s belief that CISOs and cybersecurity experts enhance and improve their own understanding of the tasks at hand by pooling and sharing expertise and best practice.

 

This is especially in light of the magnitude of the problem, which Nel so succinctly summarised when he referenced a massive 53% growth of ransomware and wipers in Q3 and Q4 of 2022. “This means that right now it is key for organisations to have a strong threat intel feed, but most importantly to use that feed to start looking at the pre-attack phase,” he said.

 

Baderoon shared Nel’s sentiment that there has been a massive spike in attacks in recent times, referring to the rise of ransomware over the last year as “exponential”. Mawador agreed, adding that many attacks are the result of a threat actor “targeting one person who then becomes a gateway into the entire organisation”.

 

Perhaps a frightening point to emerge from the webinar, as conveyed by Tonkin, was the fact that upwards of 60 to 70% of instances where threat actors successfully breach an organisation are as a result of poor cybersecurity housekeeping, where vulnerabilities are left unchecked. Nel took this further, stating that the average enterprise-sized organisation has more than 100,000 backlogged vulnerabilities.

 

“Naturally, due to the overwhelming number of vulnerabilities organisations must conduct risk-based prioritisation,” said Tonkin. Baderoon agreed, saying: “Time to remediate is a crucial factor – to eat this elephant you must start looking at intelligence and start building automation into that. Manpower is an issue so organisations need solutions to help with that.”

 

Mawador explained that in order to future-proof themselves, organisations needed to start moving away from the concept of cybersecurity and start looking at building cyber resilience. “Vulnerability management needs to be at the core of our resilience practice but it must form part of a holistic and measurable approach,” he said.

 

Nayi gave delegates some practical advice on how to start shifting the needle with cybersecurity and cyber resilience.

 

“It starts with visibility – you must know what you are defending,” said Nayi. “Then, in the context of finite resources you need to prioritise what to fix. If you have a risk register, that is useful, but another key understanding is the criticality of an asset if it is taken down – how long can the business survive and what would the legal, financial and reputational damage be? Another place to start is compliance. Prevention is better than cure, and so building security in from the outset will save future pain. It is important to see this discussion as a business one, and not just an IT topic,” he said.

 

The delegates unpacked various industry insights and practical ways that businesses are responding to security incidents and threats, as well as which tools are being deployed. A theme emerged that while threats and trends are common, different contexts and businesses require specialised intervention.

 

After reflecting on the successful webinar, Tonkin said that different contexts require specialised approaches and many organisations are battling with manpower and skills. “This is precisely the reason that Armata provides a differentiated cyber security-as-a-service offering,” he said.

 

“It is important for vendors in the industry to offer a service that ensures SMBs and mid markets have the basics in place in much the same way as an enterprise-level organisation. Cyber security-as-a-service essentially means that the partner becomes a cyber defence team to defend businesses’ anomalous security events and even attacks,” concluded Tonkin.