Today’s threat landscape is a complex one, riddled with sophisticated threats and determined adversaries.
For one, social engineering is on the rise, as are phishing, smishing, and vishing. At the same time, the use of deepfake capabilities continues to grow, bringing zero-day malware payloads to unsuspecting users, and enabling personal and business credentials to be used to gain access to organisation systems.
So says Jayson O'Reilly, general manager, Atvance Intellect Cybersecurity, adding that business email compromise has caused significant losses for companies over the last two years, and will continue to present a major challenge to organisations going forward.
“Third-party risks will continue to plague many organisations as too many supply chain partners do not have the same budgets or skills required to protect customer information or intellectual property,” he adds.
“Also, using APIs as an attack vector continues to be a focus area for threat actors, as most businesses today cannot function without a connection to the Internet or the applications they use to deliver capabilities to their consumers. This threat vector is not considered in many organisations and hence attackers are taking advantage.”
According to O’Reilly, complex cyber technology deployments in many more mature client environments enable the noise of alerts and events to bedazzle efforts to prevent data breaches. “Similarly, silos created within teams, and across the business, still allow bad actors to reach the crown jewels without much effort.”
“Accountability cannot be outsourced to any third party.” Jayson O'Reilly, Atvance Intellect Cybersecurity.
When it comes to fighting these threats, O’Reilly says it’s important to understand that cyber risks are critical risks for every organisation today, and owners and board members need to be fully aware of this.
“It's not only the finance sector that is being targeted. In fact, malefactors often prefer to focus on less cyber mature organisations before attacking financial organisations who spend millions on controls and people.”
Steps to take
O’Reilly suggests several steps to help prevent cyber attacks.
“Firstly, ensure that organisational cyber risk culture is enabled. Every employee should fully grasp the role they play in the success or demise of the business, when it comes to how the Internet is used in the company.”
Next, O’Reilly says to ensure that the business has the correct skills or trusted service providers. “Internal processes, technology, and validation need also to be in place to ensure the business risk level is adhered to and can be demonstrated every day.”
Thirdly, he says to ensure accountability. “The executive or owner is always 100% accountable should anything happen to the business. Accountability cannot be outsourced to any third party and both POPIA and the Cyber Security Act are there to ensure we create a safer digital economy for all citizens and business.”
O’Reilly will be presenting on “The role of AI and ML in cybersecurity”, at the Cape Town leg of the ITWeb Security Summit 2022, to be held at Century City on 6 June.