Kathy Gibson reports – Africa is unique in the world when it comes to cyber resilience and data protection.

Kate Mollett, regional director: South Africa and SADC at Commvault, explains that cybercrime that takes place in Africa could have wide-ranging effects around the world.

Speaking at the Commvault Connections SA event in Johannesburg today, she says companies and governments in Africa are actively trying to increase their cyber resilience.

“But it is difficult to be one step ahead of the bad actors,” she says. “And cyber resilience is always only as strong as the weakest link.”

We need to ensure that Africa doesn’t become fertile ground for cyberattacks, Mollett says.

The continent has huge potential for technology solutions, she adds. With a young population and the fastest-growing connectivity penetration in the world, technology is the go-to for solutions to the myriad challenges in Africa.

“Our young people look at connectivity, technology, and information to solve their challenges and have embraced solutions like online banking.”

There are already half a billion Internet users in Africa, but there is still huge opportunity for growth, Mollett says.

“On the flip side, this is a challenge, because 90% of all businesses on the continent do not have the protocols in place for security and data management,” she adds. “So we are quite vulnerable.”

Accenture has identified South Africa as having the third-highest number of cybercrime victims in the world, having experienced a 100% increase in mobile banking threats.

“So we need to safeguard and protect data to ensure organisations have a robust cyber resilience strategy.”

Ransomware attacks cost, on average, $300 000 each and it takes companies 21 days to recover – and 62% of all businesses in Africa have had a ransomware attack against critical infrastructure.

“This will continue,” Mollett says.

While ransomware is currently the fourth-most common form of cyberattack, she believes this will start to move up the stack, overtaking online scams, digital extortion, and business email compromise which are currently leading the charge. The fifth most-popular attacks are from botnets.

“How do you defend against these threats?” Mollett asks. “You need to have an active defence strategy.”

Indeed, by the time you are dealing with a cyberattack it is probably too late.

This is the chilling message from Nizar Elfarra, regional sales engineering leader at Commvault, who points out that cyberthreats could have been in your network for months before you even know they are there.

“And the period they are there is getting longer as they become more intelligent,” he says. “This is why you need active data protection.”

Today, most companies’ data resides on-premise, in private and public clouds, and on user devices. “So the perimeter is huge. And typical data protection solutions are not geared for this,” Elfarra says. “So you need to rethink your data protection strategy and be proactive in your defence.”

Today, attacks are faster and broader than ever. They sit on devices for longer than before and execute attacks below the radar, exfiltrating and encrypting data. Then they break operational continuity to prevent recovery.

Nowadays, the average breakout time has been accelerated to 84 minutes.

Worryingly, 93% of attacks now target backup repositories, Elfarra explains.

“So you need to rethink your data protection strategy and go for solutions that are next-generation.”

Companies are confronting a new wave of cyberthreats: there has been a 29% increase in dwell time, from seven to nine days; 71% of attacks are malware-free, so they fly under the radar; and more attacks than ever are using double or even triple extortion.

Traditional security secures the perimeter or focus on the last line of defence, Elfarra says. But a lot of today’s attacks are taking place between these protection methods.

“There is a need for detection and early warning,” Elfarra says. “So we are shifting data protection left.”

Bad actors today could gain access to the environment up to six months before an attack is launched, he explains. They move through the environment seeking weak points and looking for critical systems or data. When they execute the attack it can take place quickly before the bad actor exits.

Most companies protect against data loss by performing daily backups, doing anomaly detection, and then remediating if an attack happens.

Commvault advocates moving the data protection further down the line to provide active defence to detect risks before an attack occurs.