How to mitigate and recover from growing cyber incidents in Africa – IT News Africa

by MMC

There is no doubt that African businesses are increasingly being targeted by cyberattacks, with incidents of ransomware, spyware and backdoors, as well as data leaks, becoming more widespread.

A recent example is the distributed denial of service (DDoS) attacks against Kenyan and Nigerian organizations by the “hacktivist” group Anonymous Sudan in July and August this year.

According to a report from cybersecurity firm Cloudflare, the initial group emerged in Sudan, “in response to the country’s current political and economic challenges.” They were also known for using digital activism, which includes hacking and DDoS attacks against governments and other prominent websites, to draw attention to issues such as Internet censorship.

Anonymous Sudan launched DDoS attacks against countries including Sweden, Denmark and the United States in early 2022 and continued this year, with the group announcing it would target the US and European financial sector in mid-2022. June.

Since late July, Kenyan organizations have been under siege, and a number of businesses in the country, such as banks, media, hospitals, universities and other businesses, have all reportedly been targeted by a DDoS offensive that reportedly lasted several days.

The effects of these attacks are far-reaching, the report says, and include challenges such as service unavailability, loss of revenue, reduced productivity, remediation costs and reputational damage.

How, then, do African companies take steps to mitigate this type of attack, or at least minimize the damage caused by cybercriminals? The answer is to ensure the right strategic steps are in place.

Implementation of an incident response plan

A great place to start is to have an incident response plan in place: a formal written document, approved by senior management, that provides a set of instructions for organizations to detect, respond to, and recover from a cyber incident.

In the event of an attack, the company would then consult its incident response plan and take the recommended actions.

For example, Datacentrix’s incident response plan follows several steps:

  1. The first, once the plan is invoked in the event of a cybersecurity incident, is to alert all responsible individuals within the company, including the head of governance and risk, senior management and executives.
  2. The next step is to build a Datacentrix Security Operations Center (SOC) team of security experts, which would include members from different cybersecurity disciplines.
  3. Datacentrix would then open a “war room,” integrating all of its technical cybersecurity experts, responsible for investigating the attack, designing what needs to be done from a mitigation perspective, and implementing the necessary measures.
  4. All stakeholders would be kept informed of the progress made during this process.

Ideally, an incident response plan should respond to all types of cyberattacks, and whether it’s a ransomware or malware attack, for example, the response should always remain the same – at least initially.

This means that all members of the technical and operational teams are involved from the earliest stages, until it is decided how the mitigation will be implemented. If different teams are responsible for handling different types of attacks, the company runs the risk of losing sight of the overall cybersecurity picture and being vulnerable to other types of incidents.

Proactivity is key

Datacentrix’s advice is that organizations should not only have an incident response plan in place, but also ensure it is regularly put to the test. This could be achieved through attack simulations (penetration testing) to check for exploitable vulnerabilities, say, at least two to four times a year. These exercises will confirm that, wherever possible, all stakeholders and teams involved are ready for a real attack on the business.

Additionally, companies should conduct frequent check-ins with their security engineering teams to confirm that they have the appropriate security certifications.

Another essential exercise is to ensure that the company provides ongoing cybersecurity training to end users. This is of paramount importance, given that more than 80% of attacks are caused by human error.

You were attacked, what next?

It is increasingly unlikely that African businesses will remain unscathed by cyberattacks. It is therefore important to think about ways to recover in the event of an incident.

To begin, the organization should examine the type of incident encountered and see how it can then take more effective steps to protect its business systems against future similar attacks.

Again, the company should also consider more effective end-user training, as well as raising awareness of its incident response plan among stakeholders, checking what the plan means for the company and how it can be improved.

Companies that do not have a dedicated in-house security team should seek the support of an established cybersecurity partner that offers Security Operations Center (SOC) services.

An outsourced SOC offers the benefits of immediate 24/7 access to a team of cybersecurity experts along with the latest advanced technologies, shared threat intelligence, scalability options and also reduced operational costs.

In addition to providing a set of powerful, proactive and multi-disciplinary cybersecurity measures, an experienced cybersecurity partner will also be able to contribute to the establishment of a rock-solid incident response plan, as well as regular simulations and test scenarios.

By Brian Smith, Business Unit Manager, Datacentrix
