As organisations enter a third year of remote and hybrid work models, they need to invest more in key basic cyber security solutions and practices to stay ahead of ever-changing cyber threats.
This is according to Willem Coetzee, CEO of Remoteq, an Axiz partner for security services and solutions within the Axiz Advanced Security Practice.
Coetzee says: “In 2020, the global pandemic caused a sudden shift to remote and hybrid work and forced organisations to pivot with little to no preparation or budget. Where organisations saw a crisis, criminals saw an opportunity and the entire threat landscape became more treacherous. Seven of every 10 companies were bracing for the worst, waiting anxiously for the next cyber attack and trying to determine where they were most vulnerable. That in itself put more pressure on IT teams who sought more budget for more security solutions and service providers.”
However, he notes, security is not the core business of most organisations. “They feel they have to strike a balance. While security teams understand that organisations’ data is their lifeblood and they have to invest in protecting it, unfortunately some organisations still see security as little more than an expense.”
Tumelo Mashego, Axiz business unit manager for security, says the continually evolving threat landscape means Axiz needs to take to market solutions that will enable customers to make sound cyber security decisions. “It further gives our customers the opportunity to get their cyber security foundation right by understanding what their vulnerabilities and risks are through the offered services, ie, vulnerability assessments and ongoing security awareness training.”
Coetzee says key areas organisations need to focus on to improve their cyber resilience in 2020 include regular assessments of their security posture and ongoing in-depth training.
“In determining their security posture, many organisations run annual penetration testing and vulnerability assessments and then shelve the outcome for the year. But hackers change their methods all the time, so organisations need to spend more time and effort on the exercises and do them more frequently,” Coetzee says.
Remoteq provides automatic penetration testing solutions, taking testing further than simply identifying vulnerabilities. “If we discover a vulnerability, we then, in a virtual environment, try to compromise it to see what the possible impact could be if this was exploited. This gives organisations a clear understanding of where it could cause impacts and the extent of the risk,” he says.
Coetzee notes that training also needs to become more of a priority in improving cyber resilience.
“Cyber security awareness needs to be a priority,” he says. “There is no use in an organisation investing in tools, software and hardware and upskilling IT when the receptionist and admin clerk don’t understand social engineering. These are the weak points in organisational security, so organisations must provide ongoing cyber security training for their staff.”
However, training should encompass more than simple lectures, he says.
“You need a partner offering both instructor-led training and simulations, so staff can see what ransomware is and how it looks, and learn to deal with it in a simulated environment.”
Remoteq is unique in the SADC region in its ability to offer cost-effective access to an advanced online simulation training platform and content. Says Coetzee: “Our simulation platform is world class and designed to be user friendly. Our simulation issues you with a virtual desktop in which we execute malicious software, making the experience highly educational and interactive, but also easy to use.”
In partnership with Axiz, Remoteq offers its security services and solutions in South Africa, and plans to extend them into the rest of the SADC region in future.