In conversation with Mobius Binary
Praleena Mudley, Associate Portfolio Specialist at Morningstar South Africa
In today’s rapidly evolving digital landscape, safeguarding digital boundaries is more critical than ever.
Mobius Binary, a leading cybersecurity firm, provides comprehensive services to protect mobile apps, web apps, infrastructure APIs, and users from cyber-attacks. Operating globally, with a presence in Mauritius, South Africa, and the UK, Mobius Binary has a unique perspective on the regional cybersecurity landscape.
In a recent presentation, Graeme Huddy, a director at Mobius Binary, shared insights from their annual cybersecurity survey, which reflects the experiences and concerns of industries like banking, technology, financial services, and insurance. He pointed to a few key highlights from the survey:
- Cyber Attacks: 65% of respondents reported their company had been a victim of a cyber attack in the preceding year. Although this was down from 73% the previous year, 65% is still very high.
- Types of Attacks: The most common attacks were social engineering, data exfiltration, malware, ransomware, and business email compromise. Notably, most of these attacks are post-exploitation techniques, meaning the breach has already occurred.
- Root Causes: 65% of respondents cited a lack of security awareness as the root cause of cybersecurity weaknesses. Other causes included inadequate third-party controls, poor identity and access management, and insufficient monitoring of cyber threats.
A positive takeaway was that 61% of respondents indicated cybersecurity was a board-level concern. The main drivers behind this were reducing damage to reputation and trust, minimising business interruptions, and increasing pressure from external third parties.
The presentation also addressed significant challenges, such as the absence of threat profiles tailored to specific organisations, inadequate third-party controls, and legacy system vulnerabilities. These findings underscore the importance of strategic alignment and proactive measures in bolstering cybersecurity defences.
To provide a real-world context, Rob Len, an ethical hacker at Mobius Binary, shared his take on practical cybersecurity measures and their impact, offering valuable insights into how organisations can effectively navigate the complex cybersecurity landscape.
What is an ethical hacker?
In essence, ethical hackers infiltrate organisations, uncover vulnerabilities, demonstrate how data such as emails and sensitive information could be stolen, and then provide guidance on how to fix these security gaps. This process aims to protect organisations from actual malicious attacks, ultimately saving them from significant reputational or financial loss.
The Types of Hackers
To understand the threat landscape, it’s helpful to categorise hackers:
- Script Kiddies: These are individuals with minimal technical skills who use pre-written scripts or tools to perform attacks. They can still cause considerable damage despite their lack of expertise.
- Lone Wolves: These are skilled hackers who operate independently, often for personal satisfaction or challenge rather than monetary gain.
- Hacktivists: Groups like Anonymous fall into this category. They hack to promote political ends, functioning as judge, jury, and executioner.
- Organised Crime: These hackers are highly organised and financially motivated. They often engage in activities like ransomware attacks, where they lock data and demand payment for its release.
The Importance of Cybersecurity for Everyone
While reading this article, you may think, “Why would hackers target me?” The answer is that attacks are often opportunistic rather than targeted. Hackers use automated tools to scan for vulnerabilities across the internet, akin to a shotgun approach rather than a targeted rifle shot. This makes everyone a potential target. Services like Shodan and Censys, the equivalent of Google for connected devices, scan the internet for connected devices and their vulnerabilities. Hackers can use these tools to identify and exploit weaknesses without knowing anything about the specific victims.
Protecting Your Network
Basic cybersecurity measures are critical. Firewalls, for example, are not optional; they are essential. However, having a firewall does not guarantee safety. It’s crucial to protect against both incoming and outgoing threats. For instance, an attacker can send a crafted email that, when opened, leaks password hashes. These hashes can be cracked to reveal actual passwords. Techniques like password spraying—where common passwords are tried across many accounts—can also yield access to a network.
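A defender can spot the password-spraying pattern described above in authentication logs. The following is an added example, not code from the article or from Mobius Binary; the log format, field names, addresses and thresholds are assumptions constructed for illustration. It flags a source that fails against many accounts with few tries per account, and lists any accounts that logged in successfully from that source so they can be reviewed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: the line format and every value are invented here.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:02 FAIL user=bob src=203.0.113.7
2024-05-01T09:00:03 FAIL user=carol src=203.0.113.7
2024-05-01T09:00:04 FAIL user=dave src=203.0.113.7
2024-05-01T09:00:05 FAIL user=erin src=203.0.113.7
2024-05-01T09:00:06 OK user=frank src=203.0.113.7
2024-05-01T09:01:00 FAIL user=alice src=198.51.100.9
2024-05-01T09:01:01 FAIL user=alice src=198.51.100.9
2024-05-01T09:01:02 FAIL user=alice src=198.51.100.9
2024-05-01T09:01:03 FAIL user=alice src=198.51.100.9
2024-05-01T09:02:00 FAIL user=grace src=192.0.2.10
2024-05-01T09:02:30 OK user=grace src=192.0.2.10
"""
LINE = re.compile(r"(\S+) (FAIL|OK) user=(\S+) src=(\S+)")

def find_spraying(log, min_accounts=5, max_tries=2, window=timedelta(minutes=10)):
    """Flag sources that fail against many accounts with few tries per account."""
    fails, oks = defaultdict(list), defaultdict(set)
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts, result, user, src = m.groups()
        if result == "FAIL":
            fails[src].append((datetime.fromisoformat(ts), user))
        else:
            oks[src].add(user)
    flagged = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            tries = Counter(user for _, user in events[start:end + 1])
            # Many accounts, few tries each = spraying; one account, many tries = brute force.
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                flagged[src] = {"targets": sorted(tries), "logins": sorted(oks[src])}
                break
    return flagged

if __name__ == "__main__":
    print(find_spraying(SAMPLE_LOG))
```

Per-account lockout counters miss this pattern because no single account sees many failures, which is why the check groups by source rather than by user.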
The Human Element in Hacking
Many successful hacks start with social engineering—tricking individuals into divulging information or performing actions that compromise security. Social media is a goldmine for gathering personal information that can be used in targeted attacks.
Mitigating Cyber Threats
To mitigate such threats, it’s crucial to make cybersecurity a senior management priority. Often, the weakest passwords belong to the most senior individuals. Implementing strong, unique passwords and multifactor authentication (MFA) across all access points is essential.
Regular training and awareness programs can also help reduce the risk of social engineering attacks. Employees should be cautious about the information they share online and be trained to recognise phishing attempts and other malicious activities.
In conclusion, it’s vital for organisations to proactively secure their systems and educate their employees. Cybersecurity is an ongoing process that requires vigilance, investment, and commitment from all levels of an organisation.