Taariq Gaffoor, Southern Africa territory manager at Secureworks.
This year, we can expect to see the continued evolution of ransomware, as well as business e-mail compromise.
Ransomware will continue to get all the headlines, while in the background business e-mail compromise attacks will lead to large single-loss events that are both easier and faster to conduct for threat actors.
So says Taariq Gaffoor, territory manager Southern Africa at Secureworks. “There will also be an increase in cloud-based attacks due to the false assumption that security is built into core cloud platforms such as Azure, AWS, and others, or within SaaS applications.”
Secureworks will be presenting at the ITWeb Security Summit 2022, to be held at the Sandton Convention Centre from 31 May to 2 June, and at Century City in Cape Town on 6 June.
Gafoor says while cloud-based technologies, such as containers, make deployment easier, they also introduce additional risk. With cloud and SaaS there is often confusion in terms of who is responsible for data protection, and threat actors know this.
“This is why we should expect more attacks due to misconfigurations, vulnerabilities, and a lack of adequate controls on these platforms,” he explains.
He believes hostile nation state activity will continue to focus primarily on espionage rather than disruption and destruction. “Nation state threat actors will continue to conduct operations aimed at harvesting bulk data to support subsequent cyber operations and traditional espionage activities, as we have recently seen play out in Ukraine.”
Addressing the challenges
Speaking of what can be done to address the most pressing cyber security challenges, Gaffoor says there are several vital steps that can be taken to help tackle these.
“Firstly, companies need to prepare. To be prepared they need to understand where their weaknesses and vulnerabilities lie. Once they understand this, they can begin deploying the appropriate preventative measures to block threats from getting into their organisation, and ensure that they are proactively scanning for vulnerabilities.”
Then, he says it is important to ensure that systems are set up to help the business detect threats. “Many threats are new or unknown, so early detection across the IT landscape to pinpoint anomalies is critical.”
Finally, Gaffoor says response is key. “If you detect a threat, is your business equipped to detect, respond and resolve it before damage can be done? Bear in mind that the average time a threat lingers on the network is 212 days, so early detection and automated response is critical.”
When asked where he sees cyber security in five year’s time, Gaffoor says predicting the future in cyber is always a tricky business, because the landscape moves at a pace of its own, simultaneously both quickly and slowly.
“This year it will be five years since WannaCry and in many ways it feels like little has changed. And if we cast our gaze forward, in five years’ time I would imagine that threat actors willstill be seeking to gain political and economic advantage through espionage, crime groups will still be looking at the most efficient ways to make money and new vulnerabilities will continue to emerge.”
He says companies have little control over many of these aspects – what is within their gift is how they approach and invest in cyber security. “The one thing we always say to customer is that they must get the fundamentals right, such as patching and multi-factor authentication, to boost their cyber resilience.”
Gaffoor says organisations that don’t have the basics covered are continuing to leave the back door wide open. “Over the last year there have been a number of high-profile attacks, but we’re still seeing too few companies taking the action needed to not only close the back door but lock it. More needs to be done. Cyber resilience takes time, investment and resources. It is not an end destination or a box you can tick, but an ongoing journey.”
One element that has the potential to shape industry dynamics over the coming years is the recognition that sharing and partnerships between public and private is beneficial to all, he ends.
“For example, the recent JCDC initiative to bring the US government collaboration out into the open. The more we can create an environment where the industry’s learning from one another, the stronger our community becomes.”