Businesses change and grow every day – as do the environments in which they operate, the constraints on their budgets, and the threats they face. This is particularly true when it comes to cybercrime – which has the potential to be one of the most costly line items on a business’s balance sheet, if it’s not properly addressed.

By Carlo Bolzonello, South Africa country lead for Trellix

The most common cyberthreats in South Africa are related to financially motivated cybercrime, such as crypto mining carried out by self-spreading malware, or by coin-miner modules dropped by other malware. Those may sound complex, and as if they belong to a world far removed from South Africa – but the digital world is global and pays no attention to man-made borders.

Along with ‘living off the land’ binaries (legitimate system tools that attackers repurpose) that lurk in the background harvesting data, these attacks mostly land in a network or system when a user downloads a ‘cracked’ version of legitimate software, or downloads something that looks like the software they intended to install but is in fact cleverly disguised malware.

These clever disguises are what make them so lethal in a business context, because many of them look like the tools that system administrators themselves would use. While some types of malware just lurk in the background and possibly harvest personal data such as banking details, or a corporate’s competitive information, others have a far more immediate effect.

For example, we recently came across a disk-wiper malware of Russian origin that quietly sat in the background, undetected by its host’s cybersecurity system. Once activated, that malware effectively destroyed everything on its host computer in 15 seconds – including its operating system and all data.

It’s true that new threats emerge every day, and many South African organisations that have prioritised the purchase of cybersecurity systems have chosen their solutions according to the specific types of threats they are most concerned about. This can be a costly exercise, not only in terms of the spend on the solution, but in terms of the skills and human resources needed to manage it effectively.

Compared to its global counterparts, South Africa’s banking sector is extremely advanced and competitive – making it a target for industrial espionage, data theft, and identity theft, among others.

Our utilities sector is vulnerable to attack – particularly to ransomware. Imagine the consequences if it were to fall victim to the malware that destroys computers in 15 seconds – the whole country would be plunged into darkness!

Beyond the single electricity utility that generates most of our energy, each metropole has its own organisations that re-sell electricity and water to residents – each with its own deep databases holding customers’ personal and financial information, making them prime targets for cybercriminals.

In the media sector, platforms are vulnerable to cybercriminals who want to gather data about their readers, or who want to use those platforms to spread malicious content.

These are all real challenges faced by organisations that have to keep tight control of budgets in a cash-strapped environment – and that simply can’t afford capital expenditure on new cybersecurity interventions every time there’s a new threat on the horizon, or in their inbox.

That’s why an ‘extended detection and response’ (XDR) cybersecurity architecture, using machine learning and automation that evolve just as fast as the threats do, gives organisations a holistic view of their cybersecurity status, along with the tools they need to respond quickly when a threat is identified.

For example, the Trellix XDR platform offers tools that span security information and event management (SIEM); security orchestration, automation, and response (SOAR); and user and entity behaviour analytics (UEBA).

This approach to ‘living security’ means that organisations have a greater level of resilience to threats – without having to expand their internal cybersecurity teams. Because companies and their IT systems are living, constantly evolving environments, XDR makes it easier to manage cybersecurity, and to respond quickly and effectively to threats before they cost businesses money – in hard costs, opportunities, and reputational damage.

Another key advantage of adopting an XDR approach is that it is open and integrated, and can leverage the tools that an organisation already has in place. That’s why we engage with each client to understand the maturity of their cybersecurity infrastructure. After that, we work with them to deliver tangible tools and opportunities to leverage the best possible protection, while still honouring the contracts and commitments that they have in place with other security providers.