Lukas Van Der Merwe, Specialist Sales Executive, Security, T-Systems South Africa
I believe that we are on the brink of a major transformative phase in Cyber Security in South Africa.
The promise of POPIA being put into practice and the imminent Cyber Crime legislation combined with a continued digitisation drive from business and the availability of cognitive technologies is laying the foundation for corporations to emerge victorious from the chrysalis with much more focus on effective detection and response while still maintaining sophisticated protection as part of their Cyber Security DNA.
The risk I perceive is that many organisations may be left behind in a caterpillar like approach while others may remain in the pupal state, overwhelmed by the complexity of the challenge. Those who emerge from the Chrysalis, able to adapt and leverage what’s on offer in terms of Cyber Security, will be much better prepared to grow sustainably in a digital world.
From Perimeter Defence to Pervasive Cyber Security
As we make headway into 2020 we must accept a few indisputable truths:
- Cyber threats are increasing in sophistication and frequency of occurrence
- The attack surface of our companies has expanded far beyond the traditional enterprise perimeter
- Cyber criminals are resourceful, professional, persistent and well-funded · IT is digital and disruptive change is the norm ·
- Cyber-attacks now regularly bring businesses to a standstill in South Africa and globally.
Against this backdrop, modern cyber security must become integrated at every business level. It needs to evolve into a pervasive and active presence ensuring operations and data integrity are not disrupted. It is vital that IP remains confidential and customer privacy is protected in accordance with regulations.
In a digital world with billions of people and even more devices connected to the internet via private, public and corporate networks, cyber security has become a priority concern. T-Systems estimates 7.8 billion people and 50 billion connected IOT-Devices by 2020.
Frequency and sophistication of attacks are increasing exponentially year on year and an attack or breach is inevitable. T-Systems observed an increase in attempted attacks per 24 hour period from 4m in 2017 to 43m 2019. (Global figure represented as an aggregate of the data from all 17 T-Systems Security Operations Centres) That’s nearly 2000 attempted attacks per minute.
Against this backdrop, as highlighted by IBM’s 2019 cost of a data breach report conducted by the Ponemon Institute, the key contributing factor to the cost of a data breach is time. Time to detect and time to respond. Protection, while vitally important is not enough. More focus should be placed on the organisations resilience post attack/breach.
According to IBM’s 2019 cost of a data breach report remediation takes on average 231 Days in South Africa of which 175 days represents the time to identify and 56 days to contain.
Advanced Cyber Defence enabled by Security Orchestration Automation and Response (SOAR) technology combined with Artificial intelligence offers organisations an opportunity to detect and respond much faster limiting the extent and the cost of a breach. According to Gartner, a mere 13% of South African organisations are deploying SOAR technology. For some the shortage of skills are prohibitive and for many it is the associated costs. However, depending on the specific attack vector deployed by cyber criminals, SOAR technology could reduce the extent and cost of cyber events exponentially turning weeks or months into hours or even minutes.
Organizations that had not deployed security automation experienced breach costs that were 95 percent higher than breaches at organizations with fully-deployed automation ($5.16 million without automation vs. $2.65 million for fully-deployed automation).
- Breach costs at organizations without automation deployed were far costlier in 2019 than in 2018, going up from $4.43 million in 2018 to $5.16 million in 2019, an increase of more than 16 percent.
- Breaches at organizations with fully deployed automation decreased in cost from 2018 to 2019. Those breaches decreased in cost by 8 percent, from $2.88 million in 2018 to $2.65 million in 2019.
Source: “2019 Cost of a Data Breach Report,” conducted by the Ponemon Institute on behalf of IBM©
Insofar as it pertains to Cyber Insurance, this represents a difference in underwriting risk of Millions vs Thousands. The use case I explore highlights how a ransomware infection caused 3.5 weeks of production outage in 2019. A few changes in policy and an injection of technology would have reduced the impact to hours or even minutes. insurance underwriters may not know this based on the current method of assessing cyber security maturity and the two scenarios in the case study would be assessed and scored similarly.
Cyber Insurance Implications
Cyber security technology is evolving continuously but it must be noted that simply installing more technology in the absence of holistic corporate risk and data management does not improve resilience. The technology will simply enable the policies adopted by the organisation in support of the processes and governance.
Cyber threats are increasing exponentially every year and this rate of change is what many organisations fail to see. While protection remains a vital component of cyber resilience, the rate of change means a breach is almost inevitable and more focus should be placed on detection and response to improve resilience post breach.
Being more agile and innovative in assessing risks is an opportunity for insurers to not only better manage the underwriting risk but also influence positive behaviour leading to an overall increase in cyber resilience. The traditional approach of point in time or annual cyber security assessments should not be the standard mode of operating.