5 things technology leaders wish their boards knew about cybersecurity response

South Africa loses R2.2 billion per year to cybercrime, according to a 2020 Accenture report. Kaspersky research shows that 32.5% of local users were affected by online threats last year. Four out of five South African organisations – 78% – were hit by ransomware in the past year, a considerable increase from the 51% that reported an attack in 2022, and well above the global average of 66%. This is according to a new independent report from Sophos which surveyed 3 000 IT/cybersecurity leaders in 14 countries, including 200 in South Africa.

What all this means is that mitigating and responding to cyberattacks is a full-time job. Business leaders across all levels of the organisation need to understand what they risk if the company and its people don’t know how to mitigate and respond to threats effectively.

87% of South African businesses surveyed by Kaspersky in 2022 experienced cyber security skills shortage.

Port443 director and co-founder Tony Walt says that while cybercrime has traditionally been seen as a problem for businesses with IT infrastructure, attacks have become more sophisticated. Operational Technology – aka OT, the systems that manage industrial machinery in mines, factories and power plants – is now as much at risk as IT is.

Below he outlines five things technology leaders wish their boards knew about cybersecurity response.

1.    Plan for an incident – It’s critical that all businesses, irrespective of their industry, have an incident response (IR) capability. Simply put, IR is a set of processes and procedures to follow each time an incident occurs. To set this up, companies do a comprehensive risk assessment, review existing policies and measures, and put in place the necessary policies and technology to safeguard the business’ assets daily. Most adhere to global best practices like the NIST framework, that simplify the process.

2.    Your response has to be systematic – There are a specific set of steps that need to be followed every time an attack is detected. These standard IR steps are almost universally followed (with good reason): Preparation, Identification, Containment, Investigation, Eradication, Recovery and Follow-up. This process might seem slow and painful when an attack is underway, but is essential: to successfully prosecute hackers, you need to show you have followed specific steps and maintained a chain of evidence. 

3.    Your security posture can impact your customers’ business – Suppliers and customers are entrusting more and more of their data to businesses as digitisation continues. This means that they expect you to keep their data safe, and will ask you questions about your security posture before they agree to do business with you. Your insurer will also want to know that you have an IR capability before they grant you cybersecurity cover. Ignoring your security posture is not an option.

4.    You are responsible – Boards and management are accountable (and can be held personally liable) for breaches affecting the business and its customers/suppliers. This means, among other things, that you will need to ensure IR is tightly integrated into the business operations. People from board level down will need to be involved in incident response – from security officers to spokespeople and your legal team – and they need to understand their roles and how to execute them. This needs to be driven by senior management; IT cannot be left to fight these fires on their own.

5.    Keep to the right side of the law – Understanding the legal implications of cybersecurity attacks is a must for business leaders. This includes understanding the requirements of data protection regulations like the Protection of Personal Information Act, being conversant with their obligations in terms of the Companies Act, and having an understanding of things like the legalities of paying ransom in the case of ransomware attacks. 

The cybersecurity space is incredibly fast moving, Walt emphasises. According to AV-Test Institute some 560 000 new pieces of malware are detected every day. Ongoing testing of your response processes is critical, he says, as is ensuring you stay up to date with the latest technologies to help manage and mitigate the growing threat landscape.

 Read Next: Trend Micro 2023 Cybersecurity Predictions: A Year of Caution and Adaptation