Second to the concept of digitization, is the challenge of cyber security being the most recent buzz word dominating both the business and cyber land space in general. Reports of numerous cyber-attacks even on government IT Networks, states and nations such as the Small Independent Caribbean Nation of Sint Maarten, the city of Atlanta, Baltimore Charlotte and Dallas just to mention a few strongly reflects the growing challenge security practitioners are faced with.
Judging from these reports, one might want to think, believe and/or perceive this events and/or attacks as being regional. In essence, the threat of cyber-attack and security being a brunt and/or burden, only to be bared and suffered by large businesses and corporations in the US or Europe alone. The fact however is research has indicated firms of all sizes and shapes irrespective of their region of operation to be susceptible to threats of cyber-attacks, Africa inclusive.
According to a 2017 survey report, “95% of African Organizations are operating on or below the security poverty line. The point at which a company can effectively protect itself against cyber crime.”
In other words, the larger portion of all organizations you and i know or can think of that are either indigenous (Nigerian owned) or African bred are potentially at the risk of experiencing cyber-attacks.
Although it is however argued that the limited communication infrastructure featured in Africa as a whole in some way lowers the potential risk of cyber crime, the implications of our infrastructural infancy also translates into less experience (on the path of IT professionals in terms of dealing with Cyber Threats) and complacency as regards tackling the issue generally.
Even more threatening are the organizations that are said to be more prone to the attacks such as SME’s operating in the financial service sector due to the nature (in terms of sensitivity) and volume of data they handle.
Nonetheless, whether or not organizations fall into the category of either being more or less prone to cyber-attacks, one thing is certain and that is there is a daring need for organizations in Nigeria and Africa at large to not only think and imbibe defensive mechanisms to tackle the risks of cyber-attacks but to also embrace strategic measures that would allow for an effective medium to address it holistic.
A good place to begin with for organizations in Africa looking to be proactive in addressing cyber related threats would be the NIST cyber security framework outlined below.
- Identify what you have and the associated risk
- Incorporate protective mechanisms to protect what you have
- Identify when threats evade the said mechanisms
- Implement capabilities to respond to incidents swiftly
- Cultivate a system to support rapid recovery
As for the firms already conscious about the eminent threats cyber-attack possess, further practical ways within which they could also allow for a better and healthier baseline of cyber hygiene is by adopting cyber security management practices such as:
Patch Management: largely, patches remain an essential tool to be engaged by IT experts in dealing with security related issues particularly ransomware attacks. They not only aid in significantly addressing exposures and security gaps but are also utilized in frequently managing applications and software products. All that would be required will simply be for the patches to be initiated in order to allow for system updates.
Interestingly utilizing Saas such as Microsoft Azure completely simplifies the process due to the automatic system update feature of cloud services. Thus relieving the burden of worrying about the stages or process required in patching systems (this could be the area of time spent in testing patch sets) as an automatic update system implies applications are always secure even without maintenance windows or downtime. Click To Learn More About The Dynamic Power And Endless Possibilities Microsoft Azure can provide your business with.
Inventory Maintenance: this may seem preliminary but having an appropriate inventory of all devices, IT assets and/or IoTs if you may, connected to the network and tracking them is an effective place to begin with. Maintaining a comprehensive inventory would allow for a more effective approach to monitoring and tracking activities undertaken with all devices connected to the network (inclusive of devices remotely connected) as one can only monitor or track devices he/she knows exist
In fairness not having a comprehensive inventory of all devices has been identified as part of the root cause of poor patch management systems featured within organizations. Hence the essential need to have an appropriate and up to date inventory.
Network Segmentation: although not necessarily a new strategy, network segmentation is being identified as a significant mechanism to combat against cyber-attacks. Attributable to this is how segmentation makes it extremely hard for an attacker to propagate an attack across the entire network. Dividing the networks into smaller segments essentially separates your applications or systems away from each other. Doing this invariably would limit the scale and/or accessible options of attack as a result of the limited communication segmentation creates. Coupled with its flexible nature of either being implemented physically or virtually, segmentation also allows for improved monitoring, containment and access control.
Bring Your Own Device Policy (BYOD): in as much as maintaining a BYOD policy that completely disapproves the use of personal devices serves as a better approach ass it entirely faces off the available threat/risk it could create, digitization has virtually transformed the work space environment. The concept of virtual office and growing demand even on the part of employees to work remotely deters the possibility of implementing policies of that nature. With that in mind initiating and implementing an effective BYOD policy is paramount. In formulating such policies clear stringent rules and regulations should be stated regarding what devices can be used or connected to the network, service policy, what applications are allowed and mechanism to address wiping out the history of employees that exist the firm e.t.c. Also important to note would be the need to appropriately educate all employees on the BYOD policy.
Cyber Exercise: this primarily is more of an approach mostly initiated to assess the current level of consciousness and/or cyber-attack culture if you may, maintained across all employees and featured within the organization at large. To deduce this, you as an IT manager can decide to send phishing emails across the entire organization with the sole aim sole of getting ideas or pointers to possible areas or individuals likely to fall prey if it were to be an actual incidence of being attacked externally.
While the suggestions and recommendations stated above may not necessarily be exhaustive, a committed implementation of the few practices stated would significant aid in building and cultivating a healthy cyber hygiene and defensive culture within any network environment.
CLICK HERE to speak to us today for further consultations on network security solutions.